Re: Scanning for trojans

From: Eric (ews_at_tellurian.net)
Date: 04/28/03

  • Next message: Discussion Lists: "RE: Scanning for trojans" 
    Date: Mon, 28 Apr 2003 16:25:49 -0500
To: "Discussion Lists" <discussions@lagraphico.com>, <pen-test@securityfocus.com>

    map the open port back to the executable that launched it.

    ...Microsoft specific advice...
    If on Win2K, use fport from foundstone. If XP, try fport, or do netstat
    -on and map the PID back to the executable.

    At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:
    >Hi all,
    >I have discovered what I believe is a trojan on a port that is a
    >non-standard port for that particular trojan, but I want to narrow down
    >the possibilities of what it could be. Can anyone suggest a trojan
    >scanner that can detect a trojan by simply scanning for open ports, and
    >connecting?
    >
    >Thanks
    >
    >---------------------------------------------------------------------------
    >Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
    >world's premier event for IT and network security experts. The two-day
    >Training features 6 hand-on courses on May 12-13 taught by professionals.
    >The two-day Briefings on May 14-15 features 24 top speakers with no vendor
    >sales pitches. Deadline for the best rates is April 25. Register today to
    >ensure your place. http://www.securityfocus.com/BlackHat-pen-test
    >----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Did you know that you have VNC running on your network?
    Your hacker does.
    Plug your security holes.
    Download a free 15-day trial of VAM:
    http://www.securityfocus.com/StillSecure-pen-test
    ----------------------------------------------------------------------------

  • Next message: Discussion Lists: "RE: Scanning for trojans"

    Relevant Pages

    • Re: Open Ports on windoze 95/98
      ... > will tell you which program is listening on an open port in ... > windoze 95/98? ... Click Intrusion Detection and Fport ...
      (Security-Basics)
    • ANSW: Map a port to a process
      ... Does microsoft provide any tool to map an open port to an active process? ... How can we be expected to actually secure a system if we cannot even determine what processes are using which open ports? ...
      (microsoft.public.security)
    • Map a port to a process
      ... Does microsoft provide any tool to map an open port to an active process? ... How can we be expected to actually secure a system if we cannot even determine what processes are using which open ports? ...
      (microsoft.public.security)
    • Can I manually close an open port?
      ... I ran a security check through Symantec and it found 1 ... open port, which it indicated is vulnerable to a trojan ... virus. ...
      (microsoft.public.win2000.security)
    • Re: Blade Runner [5400]
      ... It's a Trojan that usually uses ports 5400-5402 ... > A LanGuard scan showed an open port on 4100 and called it ... > What is Blade Runner? ...
      (microsoft.public.windowsxp.security_admin)