Re: Scanning for trojans

[cdowns <cdowns () drippingdead com>]

Is this a windows based trojan ? if so you could write a quick NASL 
plugin checking remote registry for this trojan and get network output.

I guess we ( I ) would need more information on the trojan, atleast the 
platform OS that you believe is contaminated.

~!>D

Discussion Lists wrote:

> Hi all,
> I have discovered what I believe is a trojan on a port that is a
> non-standard port for that particular trojan, but I want to narrow down
> the possibilities of what it could be.  Can anyone suggest a trojan
> scanner that can detect a trojan by simply scanning for open ports, and
> connecting?
>
> Thanks
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
> world's premier event for IT and network security experts.  The two-day 
> Training features 6 hand-on courses on May 12-13 taught by professionals.  
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
> sales pitches.  Deadline for the best rates is April 25.  Register today to 
> ensure your place.  http://www.securityfocus.com/BlackHat-pen-test 
> ----------------------------------------------------------------------------
>
>
>
>  


--
------------------------------------------
     Network Security Engineer 
     http://www.angrypacket.com
      Christopher M Downs,RHCE
    cdowns () bigunz angrypacket com
        
  char ash[]="\x48\x61\x69\x6C\x20"
  "\x74\x6F\x20\x74\x68\x65\x20\x4B"
  "\x69\x6E\x67";
-------------------------------------------




---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------