PD: Trojan Virus
Ok, a friend's website and users of that website are being infected by a trojan: "Trojan horse Generic12.BYMI"
It is a radio website, with streaming music.
Here is the port information about the website;
www.habbotiles.net
Initiating Ping Scan at 18:34
Scanning 70.38.56.186 [2 ports]
Completed Ping Scan at 18:34, 0.44s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:34
Completed Parallel DNS resolution of 1 host. at 18:34, 0.73s elapsed
Initiating SYN Stealth Scan at 18:34
Scanning ip-70-38-56-186.static.privatedns.com (70.38.56.186) [1715 ports]
Discovered open port 21/tcp on 70.38.56.186
Discovered open port 113/tcp on 70.38.56.186
Discovered open port 80/tcp on 70.38.56.186
Discovered open port 3306/tcp on 70.38.56.186
Discovered open port 2121/tcp on 70.38.56.186
Completed SYN Stealth Scan at 18:35, 42.50s elapsed (1715 total ports)
Host ip-70-38-56-186.static.privatedns.com (70.38.56.186) appears to be up ... good.
Interesting ports on ip-70-38-56-186.static.privatedns.com (70.38.56.186):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp filtered smtp
80/tcp open http
113/tcp open auth
139/tcp filtered netbios-ssn
179/tcp filtered bgp
445/tcp filtered microsoft-ds
2121/tcp open ccproxy-ftp
3306/tcp open mysql
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 43.976 seconds
Anything we can do to help? Come on Ethical hackers, let's get in and help someone in need.
Treader, you're good at finding information, are you able to find any information on the Trojan?
See through the master
Become the master
Can you get the actual name of the trojan? Since the name you have is a Generic, it's a little harder to locate. Did you use AVG to find this? I know sometimes it pops up generic when it knows something is bad but doesn't have the definition for it.
ftp and mysql should not be wide open like that (unless he's certain he needs it). Is he running a mail server with that? If not, he can close smtp. netbios should probably be closed too, in my opinion. Unless otherwise needed, the only port that is a must for web traffic is 80 (http). I'll do some research and see about the other ports.
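Added example (not part of the original thread): a small Python review of the port table posted above, separating ports that are actually reachable (open) from ones a filter already blocks. The REQUIRED set is an assumption taken from the reply's point that only 80/tcp is needed for web traffic.

```python
import re

# Port table copied from the scan output in the first post.
SCAN = """\
PORT STATE SERVICE
21/tcp open ftp
25/tcp filtered smtp
80/tcp open http
113/tcp open auth
139/tcp filtered netbios-ssn
179/tcp filtered bgp
445/tcp filtered microsoft-ds
2121/tcp open ccproxy-ftp
3306/tcp open mysql
"""

# Assumption: the host only has to serve web traffic, as the reply suggests.
REQUIRED = {(80, "tcp")}

# One table row: "<port>/<proto> <state> <service>"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return (port, proto, state, service) tuples from an nmap port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def review(rows, required=REQUIRED):
    """Group ports: needed, exposed but not needed, filtered, required but not open."""
    report = {"needed": [], "exposed": [], "filtered": [], "missing": []}
    seen_open = set()
    for port, proto, state, service in rows:
        if state == "open":
            seen_open.add((port, proto))
            key = "needed" if (port, proto) in required else "exposed"
            # Without version detection the service name is only nmap's
            # guess from the port number, so confirm it on the server.
            report[key].append((port, service))
        elif "filtered" in state:
            report["filtered"].append((port, service))
    report["missing"] = sorted(required - seen_open)
    return report

if __name__ == "__main__":
    for key, items in review(parse_ports(SCAN)).items():
        print(f"{key:9s}", items)
```

On this table the exposed group is 21, 113, 2121 and 3306, while 25, 139, 179 and 445 show as filtered, meaning something in the path already drops probes to them.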
Ethical
It's not Ethical to perform a Network Mapping without consent, but I'll help nonetheless
Here's some help
http://analytics.hosting24.com/count.php
Check it out, it's in that site's source
True, but think of it in this perspective, a trojan penetrates a computer. A trojan condom penetrates a woman (or man, depends on what you're into). So in a sick and twisted way the name kinda fits.
the redneck hacker is watching, from the depths of hee haw hell muahahahahahahahahahahahahah!!!!!!!!!!!!!!!!