Hi,
I found the following description at ISS:
Deep Throat Trojan which runs a keylogger at port 999 and "Puts the file
C:\Windows\systray.exe on your disk. The idea is to masquerade as the real
systray.exe program located in C:\Windows\system. It changes the existing "Run"
registry setting for SystemTray to the new program. Simply removing the "Run"
entries or removing the systray.exe program will remove the Trojan.
Ports
The trojan will listen on: 6670/tcp, 3150/tcp, 2140/tcp, 2140/udp, 3150/udp. "
More Info here:
http://www.iss.net/security_center/advice/Phauna/RATs/programs/Deep_Throat/default.htm
Good day.
maNSOor
-----Original Message-----
From: "Gargac. Jeff" <jgargac@maryville.edu>
To: <pen-test@securityfocus.com>
Date: Wed, 25 Aug 2004 08:54:14 -0500
Subject: tcp port 999
Hi all,
I ran nmap across one of my Windows XP SP1 workstations and it report
tcp port 999 open with the description of garcon. Does anyone have an
idea as to what this is? I've searched google and am unable to find a
description. Thanks,
Jeff
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
