
PD: Trojan Virus

Posted: Tue Mar 31, 2009 8:40 am
by S3th
Ok, a friend's website and users of that website are being infected by a trojan: "Trojan horse Generic12.BYMI"

It is a radio website, with streaming music.
Here is the port information about the website:
www.habbotiles.net
Initiating Ping Scan at 18:34
Scanning 70.38.56.186 [2 ports]
Completed Ping Scan at 18:34, 0.44s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:34
Completed Parallel DNS resolution of 1 host. at 18:34, 0.73s elapsed
Initiating SYN Stealth Scan at 18:34
Scanning ip-70-38-56-186.static.privatedns.com (70.38.56.186) [1715 ports]
Discovered open port 21/tcp on 70.38.56.186
Discovered open port 113/tcp on 70.38.56.186
Discovered open port 80/tcp on 70.38.56.186
Discovered open port 3306/tcp on 70.38.56.186
Discovered open port 2121/tcp on 70.38.56.186
Completed SYN Stealth Scan at 18:35, 42.50s elapsed (1715 total ports)
Host ip-70-38-56-186.static.privatedns.com (70.38.56.186) appears to be up ... good.
Interesting ports on ip-70-38-56-186.static.privatedns.com (70.38.56.186):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp filtered smtp
80/tcp open http
113/tcp open auth
139/tcp filtered netbios-ssn
179/tcp filtered bgp
445/tcp filtered microsoft-ds
2121/tcp open ccproxy-ftp
3306/tcp open mysql

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 43.976 seconds


Anything we can do to help? Come on Ethical hackers, let's get in and help someone in need :P.
Treader, you're good at finding information, are you able to find any information on the Trojan?

Posted: Tue Mar 31, 2009 1:20 pm
by plope0726
Can you get the actual name of the trojan? Since the name you have is a Generic, it's a little harder to locate. Did you use AVG to find this? I know sometimes it pops up generic when it knows something is bad but doesn't have the definition for it.

ftp and mysql should not be wide open like that (unless he's certain he needs it). Is he running a mail server with that? If not, he can close smtp. netbios should probably be closed too. In my opinion, unless otherwise needed, the only port that is a Must for web traffic is 80 (http). I'll do some research and see about the other ports.

Ethical

Posted: Wed Apr 01, 2009 1:35 pm
by tomtomtomtom
It's not Ethical to perform a Network Mapping without consent, but I'll help nonetheless :P

Here's some help

Posted: Wed Apr 01, 2009 1:36 pm
by tomtomtomtom
http://analytics.hosting24.com/count.php
Check it out, it's in that site's source

Posted: Wed Apr 01, 2009 1:37 pm
by S3th
I had consent to perform the network mapping.

Posted: Wed Apr 01, 2009 11:18 pm
by i am red
I found this just in time, my mom's desktop is infected. And it's the business desktop too.

Posted: Thu Apr 02, 2009 10:21 pm
by Zaffron
It's kind of ironic that trojan is a brand of condom... A trojan is a virus but the condom is supposed to protect.

Posted: Fri Apr 03, 2009 12:02 am
by i am red
True, but think of it in this perspective, a trojan penetrates a computer. A trojan condom penetrates a woman (or man, depends on what you're into :wink: ). So in a sick and twisted way the name kinda fits.

Posted: Fri Apr 03, 2009 5:19 am
by Zaffron
...in a sick twisted way nonetheless...

Posted: Fri Apr 03, 2009 7:54 pm
by i am red
ya, lol

Posted: Sat Apr 11, 2009 4:09 pm
by treader
I don't correctly know what this is, but by reading it correctly it uses the open ports to collect information.