Backdoor Servers and Trojans
- Back Orifice (BO): original released in 1998; the new version is 2K. Plug-ins are available. The original listened on UDP port 31337 by default (it can be configured to use other ports); 2K uses TCP port 54320 or UDP port 54321 (defaults, can be changed). Symantec description. This is a scanner for BO.
- NetBus: graphically oriented and more user friendly. Listens on TCP ports 12345 or 20034 by default (configurable). Symantec description. See this page for details, screenshots, and removal tools.
- SubSeven (S7S): very popular, comprehensive and easy to use. Listens on port 27374 (again configurable). Symantec description. See utilities to remove it on this page.
- Countermeasures:
- The backdoor server runs on the target machine, not remotely. Lock your machine! Close the default ports (better: only open what you need).
- Save attachments to a directory and run a virus scanner on the saved file. Most virus scanners (set to scan all files) can detect (and sometimes remove) backdoor server trojans; see the Symantec list.
- See also the PacketStorm Trojans page for removal tools.
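
To support the "close the default ports" countermeasure, the following added example (not from the original page) checks `netstat -an` output from your own machine for listeners on the default ports listed above. The function name and the sample output are constructed for illustration, and TCP is assumed for SubSeven's port because the page does not name a protocol.

```python
# Default ports as listed on this page; every one of them is configurable.
DEFAULT_PORTS = {
    ("udp", 31337): "Back Orifice (original)",
    ("tcp", 54320): "Back Orifice 2K",
    ("udp", 54321): "Back Orifice 2K",
    ("tcp", 12345): "NetBus",
    ("tcp", 20034): "NetBus",
    ("tcp", 27374): "SubSeven",  # assumption: page gives no protocol
}

# Constructed sample mixing Windows-style and Linux-style `netstat -an` lines.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1042       10.0.0.8:27374         ESTABLISHED
  TCP    [::]:27374             [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
tcp6       0      0 :::20034                :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

def find_default_port_listeners(netstat_text):
    """Return sorted (proto, port, name) for local listeners on a listed port."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        proto = fields[0].lower().rstrip("46")      # tcp6 -> tcp, udp6 -> udp
        if proto not in ("tcp", "udp"):
            continue                                # header or other text
        addrs = [f for f in fields[1:] if ":" in f]
        if not addrs:
            continue
        port_text = addrs[0].rsplit(":", 1)[1]      # first address is the local one
        if not port_text.isdigit():
            continue
        # TCP must be in a listening state; a bound UDP socket has no state.
        listening = any(f.upper().startswith("LISTEN") for f in fields)
        if proto == "tcp" and not listening:
            continue
        name = DEFAULT_PORTS.get((proto, int(port_text)))
        if name:
            hits.add((proto, int(port_text), name))
    return sorted(hits)

if __name__ == "__main__":
    for proto, port, name in find_default_port_listeners(SAMPLE):
        print(f"{proto}/{port}: default port of {name}")
```

Because every port above is configurable, an empty result only shows that nothing is listening on the defaults; it does not replace the virus scan described above.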