[Snort-users] spy sender alerts - what is this
jforster at ...176...
Thu Oct 5 16:15:03 EDT 2000
This the info you needed, Jerry?
The server is hidden in a file called "client.exe. Once executed, the
server will open port 1807 on the infected computer.
When run, it registers itself in
RapidNet / DakotaConnect
----- Original Message -----
From: "Jerry Shenk" <jas at ...129...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, October 05, 2000 12:39 PM
Subject: [Snort-users] spy sender alerts - what is this
> Anybody know anything about "spy sender" - UDP port 1807. Anything I can
> find seem like it's in the backdoor/remote control category but info is
> limited. The Arachnids database talks about one that uses TCP and I found
> link at http://www.mks-vir.com.pl/trojany/spysender065b.html that seems
> a match but I can't speak polish very well;).
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
More information about the Snort-users