[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Weird traffic to port 10101
The Brain Spy trojan also uses port 10101. Below is some information: Name: BrainSpy Aliases: Backdoor.BrainSpy, Ports: 10101 Files: Brainspy.zip - 288,319 bytes Brainspy.exe - 292,864 bytes Brains~1.exe - 49,152 bytes Server.exe - Created: Sep 1999 Requires: N/A Actions: Remote Access Aside from normal Remote Access features, the trojan also removes all virus scan files. Versions: beta, Registers:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ Notes: Works on Windows 95 and 98. -----Original Message----- From: Steve R [mailto:[email protected]] Sent: Wednesday, October 03, 2001 5:31 PM To: Joe Pampel; [email protected] Subject: Re: [FW1] Wierd traffic to port 10101 Hi Joe, I know TCP/10101 is used for Support Access into Borderware Firewall Servers. Cheers, SteveR 10/4/01 1:36:26 AM, "Joe Pampel" <[email protected]> wrote: > >I'm getting lots of hits on my FW originating from port 36333 (rpc??) and heading for my port 10101. Looks like some kind of trojan or virus at first guess (port # looks chosen). Anyone else seeing this at all? > >TIA, > >- Joe > > > >===================================================================== =========== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >===================================================================== =========== > > > Steve Rielly Security Engineer Extranet Technologies Limited Level 3, 60 Cook St, Auckland, New Zealand P.O. Box 7726, Wellesley Street, Auckland, New Zealand Ph: +, Mob: 025 835530 Fax: +============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|