Security Incidents mailing list archives

DS trojan opens ports fport does not detect?


From: <junk () zounds net>
Date: Thu, 11 Dec 2003 22:12:50 -0600 (CST)

Recently, when attempting to play Dungeon Siege with a friend, I installed
a crack he found on the internet.  (We each purchased the game.)

His machine began responding to port scans on tcp 25 and 110.  I could
telnet to these ports, and the response was to clear my screen, and on any
keypress, to drop the connection.  He said he could not telnet to port 25
on his machine via localhost.

After installing the crack on my machine, I found I could telnet to port
25 and get the connection with no banner.

Neither Norton AntiVirus nor Ad-aware found anything.  I erased the dll,
and port 25 closed for a while, but it is open again (sigh).

But using tools like netstat, fport, or tcpview did not show any activity
on 25 or 110.  Zone Alarm isn't detecting it making outgoing connections.
Isn't the point of a tool like fport to detect and find the application
that opens ports?  Is it common for these tools to be evaded?

I will email the trojan to anyone that wants to analyze it.  Contact me at

marc at (nospam) zounds net
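
The mismatch described in the post (ports that answer from the network but are missing from the host's own netstat/fport/tcpview listing) can be checked as a cross-view comparison. The following is an added example, not part of the original message; the netstat sample is constructed, the function names are hypothetical, and the probe is assumed to run from a second machine on the same network.

```python
import re
import socket

# Constructed sample of `netstat -an` output saved from the suspect host
# (illustrative only, not taken from the post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def listening_ports(netstat_text):
    """Return the set of TCP ports the host itself reports as LISTENING."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def accepts_connection(host, port, timeout=2.0):
    """True if a full TCP connect to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def hidden_listeners(host, netstat_text, ports_to_probe):
    """Ports that accept connections but are absent from the host's own listing."""
    reported = listening_ports(netstat_text)
    return sorted(p for p in ports_to_probe
                  if p not in reported and accepts_connection(host, p))

if __name__ == "__main__":
    # Offline part only: show what the host claims to be listening on.
    # For the full check, call hidden_listeners(<suspect host>, text, [25, 110])
    # from another machine.
    print(sorted(listening_ports(SAMPLE_NETSTAT)))
```

Any port returned by `hidden_listeners` is one the host's user-mode tools are not reporting, which is a reason to examine the machine from trusted boot media instead of with tools running on it.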





