This is old news, you should keep more up to date.
Provided below is a brief synopsis of the Hack'a'Tack trojan.
A new remote control trojan has been making its way around the 'net. It's
referred to as "Hack'a'tack". It was written by two persons referring to
themselves as Da SuckA & The Bart33.
The server portion has a filename of "expl32.exe" (236KB 5/16/99 2:49PM) and
can be found in the c:\windows directory.
The registry branch where the server portion is configured to load upon
system start is:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
The key under the branch, has a Name of "Explorer32" and a Value of
"C:\WINDOWS\Expl32.exe"
The ports used by this trojan include the following:
TCP ports 31785 and 31787
UDP ports 31789 and 31791
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dan
> Sent: Friday, July 30, 1999 6:31 AM
> To: [EMAIL PROTECTED]
> Subject: What is port 31790/31789?
>
>
> I can't find this in the IANA list, or on a page of commonly
> used trojans. I have been scanned a couple times on this
> port an am curious what they are after.
>
> Thanks,
> Dan Lenhard
> System Admin
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
