[Full-Disclosure] unknown backdoor: 220 StnyFtpd 0wns j0

[Ryan Sumida]

I've been finding a few compromised Windows systems on our campus that have a random port open with a banner of "220 StnyFtpd 0wns j0".  All the systems seem to be doing SYN scans on port 445 and LSASS buffer overflow attempts.  Anyone know what worm/bot is doing this?  I don't have access to these machines so I can only get a network view of what the systems are doing.

Thanks,

Ryan