Penetration Testing mailing list archives
RE: Scanning for trojans
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 28 Apr 2003 18:55:30 -0400
Most trojans are awfully sparse on response information if you don't authenticate to them properly. I don't think such a tool exists, and if it did, I think it would only spot a few of the many possible trojans out there. A long shot might be to check out which well-known trojans are easily reconfigured to use different ports (like BO2K) and do a quick check for those. Otherwise, it's entirely possible that the trojan has been slightly rewritten to make it remotely unidentifiable anyways. -----Original Message----- From: Discussion Lists [mailto:discussions () lagraphico com] Sent: Monday, April 28, 2003 6:06 PM To: Eric; pen-test () securityfocus com Subject: RE: Scanning for trojans Thanks, but in my case I don't have local access to the machine, so it would be helpful to find a way to identify it remotely. I am beginning if such an animal actually exists? Thanks
-----Original Message----- From: Eric [mailto:ews () tellurian net] Sent: Monday, April 28, 2003 2:26 PM To: Discussion Lists; pen-test () securityfocus com Subject: Re: Scanning for trojans map the open port back to the executable that launched it. ...Microsoft specific advice... If on Win2K, use fport from foundstone. If XP, try fport, or do netstat -on and map the PID back to the executable. At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:Hi all, I have discovered what I believe is a trojan on a port that is a non-standard port for that particular trojan, but I want tonarrow downthe possibilities of what it could be. Can anyone suggest a trojan scanner that can detect a trojan by simply scanning for openports, andconnecting? Thanks --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 inAmsterdam, theworld's premier event for IT and network security experts.The two-dayTraining features 6 hand-on courses on May 12-13 taught byprofessionals.The two-day Briefings on May 14-15 features 24 top speakerswith no vendorsales pitches. Deadline for the best rates is April 25.Register today toensure your place. http://www.securityfocus.com/BlackHat-pen-test ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
Current thread:
- Scanning for trojans Discussion Lists (Apr 28)
- Re: Scanning for trojans cdowns (Apr 28)
- <Possible follow-ups>
- Re: Scanning for trojans Eric (Apr 28)
- RE: Scanning for trojans Discussion Lists (Apr 28)
- RE: Scanning for trojans Rob Shein (Apr 29)
- RE: Scanning for trojans Discussion Lists (Apr 29)
- re: Scanning for Trojans anj (Apr 30)