Security Incidents mailing list archives

RE: Trojan of somesort

From: "Rob Shein" <shoten () starpower net>
Date: Tue, 25 May 2004 16:54:13 -0400

It looks like an FTP status reply.  The "220" indicated "Service ready for
new user".  What happens if you try to connect to it with an FTP client?

-----Original Message-----
From: Bob the Builder [mailto:builder173 () hotmail com] 
Sent: Monday, May 24, 2004 4:30 AM
To: incidents () securityfocus com
Subject: Trojan of somesort


Hi,
I am currently doing an investigation into a compromised 
system. Before 
pulling the plug I netcatted to a suspicous open port and 
received the 
following banner:
          220 SiGN - FR33-FXP3rs - On Da FUcKiNG C@S£!!!
I am presuming this to be the welcome banner for a trojan 
horse of some 
sort. Has anybody seen this before or does anybody know 
anything about it or 
what Trojan this might be?

Cheers,

Bob

_________________________________________________________________
Get 200+ ad-free, high-fidelity stations and LIVE Major 
League Baseball 
Gameday Audio! 
http://radio.msn.click-> url.com/go/onm00200491ave/direct/01/

Current thread:

Trojan of somesort Bob the Builder (May 25)
- Re: Trojan of somesort Greg Bolshaw (May 25)
- Re: Trojan of somesort Brian Eckman (May 25)
  - Re: Trojan of somesort Anonymous (May 27)
- RE: Trojan of somesort Rob Shein (May 25)
- Re: Trojan of somesort Andrew Smith (May 26)
- Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort Paul Schmehl (May 26)
- <Possible follow-ups>
- Re: Trojan of somesort MATT GIBSON (May 26)
  - Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort caldcv (May 26)