Trojan horses commonly open a port on the infected machine and wait for a connection to open on that port, so that hackers will be able to gain total control over the computer. Here is a (non exhaustive) list of the most common ports used by Trojan horses (source: Site de Rico):
| port | Trojan |
|---|---|
| 21 | Back construction, Blade runner, Doly, Fore, FTP trojan, Invisible FTP, Larva, WebEx, WinCrash |
| 23 | TTS (Tiny Telnet Server) |
| 25 | Ajan, Antigen, Email Password Sender, Happy99, Kuang 2, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy |
| 31 | Agent 31, Hackers Paradise, Masters Paradise |
| 41 | Deep Throat |
| 59 | DMSetup |
| 79 | FireHotcker |
| 80 | Executor, RingZero |
| 99 | Hidden port |
| 110 | ProMail trojan |
| 113 | Kazimas |
| 119 | Happy 99 |
| 121 | JammerKillah |
| 421 | TCP Wrappers |
| 456 | Hackers Paradise |
| 531 | Rasmin |
| 555 | Ini-Killer, NetAdmin, Phase Zero, Stealth Spy |
| 666 | Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre |
| 911 | Dark Shadow |
| 999 | Deep Throat, WinSatan |
| 1002 | Silencer, WebEx |
| 1010 to 1015 | Doly trojan |
| 1024 | NetSpy |
| 1042 | Bla |
| 1045 | Rasmin |
| 1090 | Xtreme |
| 1170 | Psyber Stream Server, Streaming Audio Trojan, voice |
| 1234 | Ultor trojan |
| port 1234 | Ultors Trojan |
| port 1243 | BackDoor-G, SubSeven, SubSeven Apocalypse |
| port 1245 | VooDoo Doll |
| port 1269 | Mavericks Matrix |
| port 1349 (UDP) | BO DLL |
| port 1492 | FTP99CMP |
| port 1509 | Psyber Streaming Server |
| port 1600 | Shivka-Burka |
| port 1807 | SpySender |
| port 1981 | Shockrave |
| port 1999 | BackDoor |
| port 1999 | TransScout |
| port 2000 | TransScout |
| port 2001 | TransScout |
| port 2001 | Trojan Cow |
| port 2002 | TransScout |
| port 2003 | TransScout |
| port 2004 | TransScout |
| port 2005 | TransScout |
| port 2023 | Ripper |
| port 2115 | Bugs |
| port 2140 | Deep Throat, The Invasor |
| port 2155 | Illusion Mailer |
| port 2283 | HVL Rat5 |
| port 2565 | Striker |
| port 2583 | WinCrash |
| port 2600 | Digital RootBeer |
| port 2801 | Phineas Phucker |
| port 2989 (UDP) | RAT |
| port 3024 | WinCrash |
| port 3128 | RingZero |
| port 3129 | Masters Paradise |
| port 3150 | Deep Throat, The Invasor |
| port 3459 | Eclipse 2000 |
| port 3700 | portal of Doom |
| port 3791 | Eclypse |
| port 3801 (UDP) | Eclypse |
| port 4092 | WinCrash |
| port 4321 | BoBo |
| port 4567 | File Nail |
| port 4590 | ICQTrojan |
| port 5000 | Bubbel, Back Door Setup, Sockets de Troie |
| port 5001 | Back Door Setup, Sockets de Troie |
| port 5011 | One of the Last Trojans (OOTLT) |
| port 5031 | NetMetro |
| port 5321 | FireHotcker |
| port 5400 | Blade Runner, Back Construction |
| port 5401 | Blade Runner, Back Construction |
| port 5402 | Blade Runner, Back Construction |
| port 5550 | Xtcp |
| port 5512 | Illusion Mailer |
| port 5555 | ServeMe |
| port 5556 | BO Facil |
| port 5557 | BO Facil |
| port 5569 | Robo-Hack |
| port 5742 | WinCrash |
| port 6400 | The Thing |
| port 6669 | Vampyre |
| port 6670 | Deep Throat |
| port 6771 | Deep Throat |
| port 6776 | BackDoor-G, SubSeven |
| port 6912 | Shit Heep (not port 69123!) |
| port 6939 | Indoctrination |
| port 6969 | GateCrasher, Priority, IRC 3 |
| port 6970 | GateCrasher |
| port 7000 | Remote Grab, Kazimas |
| port 7300 | NetMonitor |
| port 7301 | NetMonitor |
| port 7306 | NetMonitor |
| port 7307 | NetMonitor |
| port 7308 | NetMonitor |
| port 7789 | Back Door Setup, ICKiller |
| port 8080 | RingZero |
| port 9400 | InCommand |
| port 9872 | portal of Doom |
| port 9873 | portal of Doom |
| port 9874 | portal of Doom |
| port 9875 | portal of Doom |
| port 9876 | Cyber Attacker |
| port 9878 | TransScout |
| port 9989 | iNi-Killer |
| port 10067 (UDP) | portal of Doom |
| port 10101 | BrainSpy |
| port 10167 (UDP) | portal of Doom |
| port 10520 | Acid Shivers |
| port 10607 | Coma |
| port 11000 | Senna Spy |
| port 11223 | Progenic trojan |
| port 12076 | Gjamer |
| port 12223 | Hack´99 KeyLogger |
| port 12345 | GabanBus, NetBus, Pie Bill Gates, X-bill |
| port 12346 | GabanBus, NetBus, X-bill |
| port 12361 | Whack-a-mole |
| port 12362 | Whack-a-mole |
| port 12631 | WhackJob |
| port 13000 | Senna Spy |
| port 16969 | Priority |
| port 17300 | Kuang2 The Virus |
| port 20000 | Millennium |
| port 20001 | Millennium |
| port 20034 | NetBus 2 Pro |
| port 20203 | Logged |
| port 21544 | GirlFriend |
| port 22222 | Prosiak |
| port 23456 | Evil FTP, Ugly FTP, Whack Job |
| port 23476 | Donald Dick |
| port 23477 | Donald Dick |
| port 26274 (UDP) | Delta Source |
| port 27374 | SubSeven 2.0 |
| port 29891 (UDP) | The Unexplained |
| port 30029 | AOL trojan |
| port 30100 | NetSphere |
| port 30101 | NetSphere |
| port 30102 | NetSphere |
| port 30303 | Sockets de Troie |
| port 30999 | Kuang2 |
| port 31336 | Bo Whack |
| port 31337 | Baron Night, BO client, BO2, Bo Facil |
| port 31337 (UDP) | BackFire, Back Orifice, DeepBO |
| port 31338 | NetSpy DK |
| port 31338 (UDP) | Back Orifice, DeepBO |
| port 31339 | NetSpy DK |
| port 31666 | Bo Whack |
| port 31785 | Hack´a´Tack |
| port 31787 | Hack´a´Tack |
| port 31788 | Hack´a´Tack |
| port 31789 (UDP) | Hack´a´Tack |
| port 31791 (UDP) | Hack´a´Tack |
| port 31792 | Hack´a´Tack |
| port 33333 | Prosiak |
| port 33911 | Spirit 2001a |
| port 34324 | BigGluck, TN |
| port 40412 | The Spy |
| port 40421 | Agent 40421, Masters Paradise |
| port 40422 | Masters Paradise |
| port 40423 | Masters Paradise |
| port 40426 | Masters Paradise |
| port 47262 (UDP) | Delta Source |
| port 50505 | Sockets de Troie |
| port 50766 | Fore, Schwindler |
| port 53001 | Remote Windows Shutdown |
| port 54320 | Back Orifice 2000 |
| port 54321 | School Bus |
| port 54321 (UDP) | Back Orifice 2000 |
| port 60000 | Deep Throat |
| port 61466 | Telecommando |
| port 65000 | Devil |
For Further Reading,
0 comments:
Post a Comment