"Reptile" server?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
"Reptile" server? Joel Rubin 08-06-2005
Posted by Joel Rubin on August 6, 2005, 2:43 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Does anyone know what the server described in Russian at:

http://www.kaldata.com/forums/index.php?s=f8919bf52c63b2ab9c8d06eb69ebe69d&showtopic=6995

is? I think it's some sort of trojan. It looks a bit like an SMTP
server but, as in the description on the Rooski web site, I can't get
the one I'm investigating to take commands.

The one I'm investigating is at 69.30.157.66:21135 and it came to my
attention because I was spammed through it.

It's also listening at 21286. I think there has to be an SMTP server
or some sort of proxy somewhere.



Posted by Virus Guy on August 5, 2005, 11:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Joel Rubin wrote:

> The one I'm investigating is at 69.30.157.66:21135
> It's also listening at 21286.

I just ran IP-tools port-scanner on that IP (and added port 21286).

It didn't respond to anything (but it does ping).


Posted by Joel Rubin on August 6, 2005, 10:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
wrote:

>Does anyone know what the server described in Russian at:
>
>http://www.kaldata.com/forums/index.php?s=f8919bf52c63b2ab9c8d06eb69ebe69d&showtopic=6995
>
>is? I think it's some sort of trojan. It looks a bit like an SMTP
>server but, as in the description on the Rooski web site, I can't get
>the one I'm investigating to take commands.
>
>The one I'm investigating is at 69.30.157.66:21135 and it came to my
>attention because I was spammed through it.
>
>It's also listening at 21286. I think there has to be an SMTP server
>or some sort of proxy somewhere.

I found a new reptile server, 61.0.39.6:12010.



Similar ThreadsPosted
ftp server found. March 9, 2006, 4:19 pm
Unknown POP3 server January 29, 2006, 6:21 pm
Can viruses be planted on a server? July 18, 2006, 7:56 pm
problems with exchange server December 19, 2006, 2:34 am
Server infected by a trojan September 6, 2007, 11:25 am
Steganos update server December 29, 2007, 5:07 am
trojaned proxy server June 17, 2008, 11:19 am
What Anti-Virus for Server? October 31, 2008, 5:17 pm
Antivirus distribution server on Linux.. February 27, 2006, 1:28 am
proxy server errors when trying to upload to VT February 16, 2007, 11:09 am

The site map in XML format XML site map

Contact Us | Privacy Policy