Scanning for trojans

From: Discussion Lists (discussions_at_lagraphico.com)
Date: 04/27/03

  • Next message: Devilscrow Sr: "RE: Port Scanners / Sniffers Review" 
    Date: Sun, 27 Apr 2003 10:19:34 -0700
To: <pen-test@securityfocus.com>

    Hi all,
    I have discovered what I believe is a trojan on a port that is a
    non-standard port for that particular trojan, but I want to narrow down
    the possibilities of what it could be. Can anyone suggest a trojan
    scanner that can detect a trojan by simply scanning for open ports, and
    connecting?

    Thanks

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
    world's premier event for IT and network security experts. The two-day
    Training features 6 hand-on courses on May 12-13 taught by professionals.
    The two-day Briefings on May 14-15 features 24 top speakers with no vendor
    sales pitches. Deadline for the best rates is April 25. Register today to
    ensure your place. http://www.securityfocus.com/BlackHat-pen-test
    ----------------------------------------------------------------------------

  • Next message: Devilscrow Sr: "RE: Port Scanners / Sniffers Review"

    Relevant Pages

    • Re: New trojan? Old trojan with new characteristics? Anyone seenthis?
      ... received and snort logs from the IRC server itself, ... more or less positively identify these things as DTHN (Dynamic Trojan ... Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the ... Training features 6 hand-on courses on May 12-13 taught by professionals. ...
      (Incidents)
    • Re: My Game Needs a Port Listed as Trojan Port
      ... > my games uses this port. ... The trojan has to be installed on your machine, ... > that my virus scan knows that this game is ok to use this port although it ... Antivirus shouldn't have anything to do with it: but for a firewall it will. ...
      (comp.security.firewalls)
    • Re: netstat finds something strange?
      ... I dunno about heuristics or viruses or trojans, ... should have your PC name as the name listening on each different port. ... > The free pest patrol scanner just looks for port numbers that are open ... >> What the heck kind of virus or trojan does this. ...
      (microsoft.public.win2000.security)
    • Re: svchost.exe
      ... Svchost.exe is tied in with RPC somehow and win2k needs it. ... If you did a netstat -an in the DOS command prompt, ... the process list and port 135 is closed and it no longer shows up on ... The trojan was listening on port ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Trojan found...
      ... I checked Add/Remove programs and found MIRC installed so appearently ... the 406.reg file adds the trojan to the run key and the folder that this key points to ... Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the ... Training features 6 hand-on courses on May 12-13 taught by professionals. ...
      (Incidents)