Backdoor

Discussion in 'malware problems & news' started by *Ari*, Nov 13, 2002.

Thread Status:
Not open for further replies.
  1. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hello experts

    I scanned my own ports and I found a backdoor open, port 11092. I found information on the net; it uses Telnet, I suppose. How could I close that port, by uninstalling Telnet? What do I need Telnet for?

    gratefully yours -Ari
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    TELNET is the virtual terminal protocol that allows Internet users to log into a remote host and interact with it as a normal terminal of that host. The user machine acts as a dumb terminal and all commands and applications are run on the host only.

    Source: http://www.lattimore.co.uk/what.htm

    So I guess you don't want it.

    Regards,

    Pieter
     
  3. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Pieter

    Thank you for the fast reply! I found the instructions on how to use that backdoor and I don't want to publish them here :D. How do I uninstall Telnet? It is not listed under "Add or remove" in the control panel. Jv 16 does not find it either. It is located in the system folder ...

    -Ari
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    It should be in your services.
    Mine is set so it can be started manually.

    Regards,

    Pieter
     
  5. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    OK, here is what I found:
    This update eliminates a vulnerability in the Telnet client that ships as part of Windows 98. The vulnerability could allow a web page to take malicious action on the computer of the user who visited the page. For example, this web page could create, delete or modify files, reformat the hard drive, or send data to or from a web page.
    http://www.microsoft.com/windows98/downloads/contents/WUCritical/Telnet/Default.asp

    -Ari
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    I found one for Win2k:
    An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-004.asp
    and I wouldn't be surprised if there were more ;)

    Regards,

    Pieter
     
  7. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Yep ;)
    Better run the patch or uninstall the whole thingy this way:

    How to uninstall

    NOTE: Please save your work and close all open applications before attempting to uninstall this component. You will need to have your original Windows 98 CD available to uninstall this component.

    Click Start, point to Find, and click Files or Folders.
    Search for TELNETUN.INF.
    Once this file is displayed, right-click on the file and choose Install.

    THIS WAS ONLY HOW TO UNINSTALL PATCH!!!

    You BETTER fetch the patch at http://www.microsoft.com/windows98/downloads/contents/WUCritical/Telnet/Default.asp

    Sorry for the inconvenience :oops:
     
  8. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hey

    I ran the patch and rescanned port 11092. It really seems to be closed now :cool:.

    -Ari
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands