RE: DeepThroat Trojan

[Curt Bryson (NTI)]

Greetings,   Deep Throat is a remote administration tool  (which can also be used as a trojan) similar to netbus.  It will allow remote control of Windows 95 and 98 computers if it is installed on them.  You as a system administrator may never know you are infected due to the fact the program can be hidden from a normal user’s view.  One easy way to tell if you are infected, however, is to be on the lookout for connections to your machines at ports 2140, 3150,  6670, and 6771.  Of course, these ports can be changed, per user requirements, so don’t take these as gospel.  Newer versions include the capability to launch a private FTP server (so the offender can share your files with the world), hide clock/start button (kinda useless feature, but can frustrate inexperienced users), change the desktop wallpaper (annoyance), and it will even do an ICQ online server alert (lets the world know your now open system is available for pillaging).  Infected with deep throat?  Blackhole that server and set it up from scratch and a blank hard drive…the user could have done a myriad of things to the files which reside on your system.  If you have critical time or data issues and can’t delete everything; seek professional help to try “surgical extraction”, if you will, and safe,controlled disinfection of potentially infected files.     Curt Bryson Computer Forensics/Internet Investigations Consultant   New Technologies, Inc. 2075 North East Division Post Office Box 929 Gresham, Oregon 97030   mailto:[EMAIL PROTECTED] http://www.forensics-intl.com Phone: (503) 661-6912 Fax:   (503) 674-9145   NOTICE - This message and any attached files, in their entirety, are intended for the use of the individual and/or entity referenced above and may contain information that is privileged, confidential, and/or exempt from disclosure by applicable law or court order.  If the reader of this message is not the intended recipient, please notify the sender via the most expedient means available (relevant contact information precedes this notice).  Any dissemination, distribution, or copying of this message or its attachments by unauthorized personnel is strictly prohibited.     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Syed Amiruddin Sent: Monday, March 13, 2000 5:46 AM To: [EMAIL PROTECTED] Subject: DeepThroat Trojan   Hi,   Can anyone tell me what is "DeepThroat Trojan" and how I can protect my net from it.   Regards, Amiruddin