Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: trjnport.txt

Another list of Trojans/Backdoors/RATs and the ports they open




After seeing several questions about traffic directed at ports as 31337 and

12345 I've put together a list of all trojans known to me and the default

ports they are using. Of course several of them could use any port, but I

hope this list will maybe give you a clue of what might be going on.

port       21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx,

                    WinCrash
port       23 - Tiny Telnet Server
port       25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz

                    Stealth, Terminator, WinPC, WinSpy

port       31 - Hackers Paradise
port       80 - Executor
port     456 - Hackers Paradise
port     555 - Ini-Killer, Phase Zero, Stealth Spy
port     666 - Satanz Backdoor
port   1001 - Silencer, WebEx
port   1011 - Doly Trojan
port   1170 - Psyber Stream Server, Voice
port   1234 - Ultors Trojan
port   1245 - VooDoo Doll
port   1492 - FTP99CMP
port   1600 - Shivka-Burka
port   1807 - SpySender
port   1981 - Shockrave
port   1999 - BackDoor
port   2001 - Trojan Cow
port   2023 - Ripper
port   2115 - Bugs
port   2140 - Deep Throat, The Invasor
port   2801 - Phineas Phucker
port   3024 - WinCrash
port   3129 - Masters Paradise
port   3150 - Deep Throat, The Invasor
port   3700 - Portal of Doom
port   4092 - WinCrash
port   4590 - ICQTrojan
port   5000 - Sockets de Troie
port   5001 - Sockets de Troie
port   5321 - Firehotcker
port   5400 - Blade Runner
port   5401 - Blade Runner
port   5402 - Blade Runner
port   5569 - Robo-Hack
port   5742 - WinCrash
port   6670 - DeepThroat
port   6771 - DeepThroat
port   6969 - GateCrasher, Priority
port   7000 - Remote Grab
port   7300 - NetMonitor
port   7301 - NetMonitor
port   7306 - NetMonitor
port   7307 - NetMonitor
port   7308 - NetMonitor
port   7789 - ICKiller
port   9872 - Portal of Doom
port   9873 - Portal of Doom
port   9874 - Portal of Doom
port   9875 - Portal of Doom
port   9989 - iNi-Killer
port 10067 - Portal of Doom
port 10167 - Portal of Doom
port 11000 - Senna Spy
port 11223 - Progenic trojan
port 12223 - Hack99 KeyLogger
port 12345 - GabanBus, NetBus
port 12346 - GabanBus, NetBus
port 12361 - Whack-a-mole
port 12362 - Whack-a-mole
port 16969 - Priority
port 20001 - Millennium
port 20034 - NetBus 2 Pro
port 21544 - GirlFriend
port 22222 - Prosiak
port 23456 - Evil FTP, Ugly FTP
port 26274 - Delta
port 31337 - Back Orifice
port 31338 - Back Orifice, DeepBO
port 31339 - NetSpy DK
port 31666 - BOWhack
port 33333 - Prosiak
port 34324 - BigGluck, TN
port 40412 - The Spy
port 40421 - Masters Paradise
port 40422 - Masters Paradise
port 40423 - Masters Paradise
port 40426 - Masters Paradise
port 47262 - Delta
port 50505 - Sockets de Troie
port 50766 - Fore
port 53001 - Remote Windows Shutdown
port 61466 - Telecommando
port 65000 - Devil

You'll find the list on the following address:
http://www.simovits.com/nyheter9902.html  (still in Swedish but it will be

translated in the near future).

To help anyone to detect trojan attacks, Im planning to add information

about the original names of the executables, their size, where they usually

are hiding, and the names of any helpfiles they may use. I will also add

tools or links to tools that may be of your assistance.

Feel free to get back to me with any comments or suggestions. If you find

new trojans Ill love to get my hands on them, but please mail me first, as

I dont need more than one copy. If you have live experiance of trojan

attacks Im interested to read about your findings.

Joakim

joakim.von.braun@risab.se


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH