Security Incidents mailing list archives

Re: Trojan of somesort


From: Greg Bolshaw <greg () linuxtechnologies co uk>
Date: Tue, 25 May 2004 22:00:53 +0100

Bob the Builder wrote:
I am currently doing an investigation into a compromised system. Before pulling the plug I netcatted to a suspicious open port and received the following banner:
         220 SiGN - FR33-FXP3rs - On Da FUcKiNG C@S£!!!
I am presuming this to be the welcome banner for a trojan horse of some sort. Has anybody seen this before or does anybody know anything about it or what Trojan this might be?

It's issuing a 220 - that's the welcome code for SMTP. Try sending a HELO or EHLO. If it responds with a 250, my bet is it's running as an open relay.

--
Greg Bolshaw <greg () linuxtechnologies co uk>
Consultant
Linux Technologies
http://www.linuxtechnologies.co.uk/

Attachment: signature.asc
Description: OpenPGP digital signature
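
The check suggested in the reply above, worked through offline as an added example (not part of the original thread or either poster's code). It parses recorded reply lines and uses the reply to EHLO to decide what the 220 greeting belongs to; it goes one step beyond the post because 220 is also the ready reply in FTP (RFC 959), so a rejected EHLO is reported separately. The transcripts, function names and result labels are constructed for illustration.

```python
import re

# One reply line: three-digit code, then '-' (more lines follow) or ' ' (last line).
_REPLY_LINE = re.compile(rb"^(\d{3})([ -]?)(.*)$")


def parse_reply(raw: bytes):
    """Return (code, [text lines]) for one complete reply, or (None, []) if malformed.

    Handles SMTP-style continuation, where every line repeats the code.
    """
    code, texts = None, []
    for line in raw.replace(b"\r\n", b"\n").split(b"\n"):
        if not line:
            continue
        m = _REPLY_LINE.match(line)
        if not m or (code is not None and int(m.group(1)) != code):
            return None, []
        code = int(m.group(1))
        texts.append(m.group(3).decode("latin-1"))
        if m.group(2) != b"-":      # final line of the reply
            return code, texts
    return None, []                 # never saw a terminating line


def classify(greeting: bytes, ehlo_reply: bytes) -> str:
    """Interpret a recorded greeting plus the recorded reply to EHLO."""
    g_code, _ = parse_reply(greeting)
    e_code, _ = parse_reply(ehlo_reply)
    if g_code != 220:
        return "no-220"
    if e_code == 250:
        return "smtp"               # EHLO accepted: the service speaks SMTP
    if e_code is not None and 500 <= e_code < 600:
        return "ehlo-rejected"      # 220 greeting, but not SMTP; compare with FTP
    return "undetermined"


# Constructed transcripts: (greeting, reply to "EHLO test").
SMTP_SESSION = (b"220 mail.example.test ESMTP\r\n",
                b"250-mail.example.test\r\n250-PIPELINING\r\n250 HELP\r\n")
FTP_SESSION = (b"220 Service ready\r\n",
               b"530 Please login with USER and PASS\r\n")

if __name__ == "__main__":
    for name, session in (("smtp", SMTP_SESSION), ("ftp", FTP_SESSION)):
        print(name, "->", classify(*session))
```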

