Appendix A: List of Ports Frequently Used by Trojans
| No | Port | Name |
|---|---|---|
| | ||
| 1 | 2 | Death |
| 2 | 20 | Senna Spy FTP Server |
| 3 | 21 | Back Construction, Blade Runner, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, Motlv FTP, Net Administrator, Senna Spy FTP Server, Traitor 21, WebEx, WinCrash |
| 4 | 22 | Shaft |
| 5 | 23 | Fire Hacker, Tiny Telnet Server—TTS, Truva Atl |
| 6 | 25 | Ajan, Antigen, Email Password Sender—EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirltz, Stealth, Tapiras, Terminator, WinPC, WinSpy |
| 7 | 31 | Agent 31, Hackers Paradise, Masters Paradise |
| 8 | 41 | Deep Throat, Foreplay or Reduced Foreplay |
| 9 | 48 | DRAT |
| 10 | 50 | DRAT |
| 11 | 59 | DMSetup |
| 12 | 79 | CDK, Firehotcker |
| 13 | 80 | AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero |
| 14 | 81 | RemoConChubo |
| 15 | 99 | Hidden Port |
| 16 | 110 | ProMail trojan |
| 17 | 113 | Invisible Identd Deamon, Kazimas |
| 18 | 119 | Happy99 |
| 19 | 121 | JammerKillah |
| 20 | 123 | Net Controller |
| 21 | 133 | Farnaz |
| 22 | 142 | NetTaxi |
| 23 | 146 (TCP/UDP) | Infector |
| 24 | 170 | A-trojan |
| 25 | 334 | Backage |
| 26 | 420 | Breach |
| 27 | 421 | TCP Wrapper trojan |
| 28 | 456 | Hackers Paradise |
| 29 | 513 | Grlogin |
| 30 | 514 | RPC Backdoor |
| 31 | 531 | Rasmin |
| 32 | 555 | Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy |
| 33 | 605 | Secret Service |
| 34 | 666 | Attack FTP, Back Construction, Cain & Abel, NokNok, Satans Back Door—SBD, ServU, Shadow Phyre |
| 35 | 667 | SniperNet |
| 36 | 669 | DP trojan |
| 37 | 692 | GayOL |
| 38 | 777 | AimSpy, Undetected |
| 39 | 808 | WinHole |
| 40 | 911 | Dark Shadow |
| 41 | 999 | Deep Throat, Foreplay or Reduced Foreplay, WinSatan |
| 42 | 1000 | Der Spaher/Der Spaeher |
| 43 | 1001 | Der Spaher/Der Spaeher, Le Guardien, Silencer, WebEx |
| 44 | 1010 | Doly Trojan |
| 45 | 1011 | Doly Trojan |
| 46 | 1012 | Doly Trojan |
| 47 | 1015 | Doly Trojan |
| 48 | 1016 | Doly Trojan |
| 49 | 1020 | Vampire |
| 50 | 1024 | NetSpy |
| 51 | 1042 | BLA trojan |
| 52 | 1045 | Rasmin |
| 53 | 1049 | /sbin/initd |
| 54 | 1050 | MiniCommand |
| 55 | 1054 | AckCmd |
| 56 | 1080 | WinHole |
| 57 | 1081 | WinHole |
| 58 | 1082 | WinHole |
| 59 | 1082 | WinHole |
| 60 | 1090 | Xtreme |
| 61 | 1095 | Remote Administration Tool—RAT |
| 62 | 1097 | Remote Administration Tool—RAT |
| 63 | 1098 | Remote Administration Tool—RAT |
| 64 | 1099 | Blood Fest Evolution, Remote Administration Tool—RAT |
| 65 | 1170 | Psyber Stream Server—PSS, Streaming Audio Server, Voice |
| 66 | 1200(UDP) | NoBackO |
| 67 | 1201(UDP) | NoBackO |
| 68 | 1207 | SoftWAR |
| 69 | 1212 | Kaos |
| 70 | 1234 | Ultors Trojan |
| 71 | 1243 | BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles |
| 72 | 1245 | Voodoo Doll |
| 73 | 1255 | Scarab |
| 74 | 1256 | Project NEXT |
| 75 | 1269 | Matrix |
| 76 | 1313 | NETrojan |
| 77 | 1338 | Millenium Worm |
| 78 | 1349 | Bo dll |
| 79 | 1492 | FTP99CMP |
| 80 | 1524 | Trinoo |
| 81 | 1600 | Shivka-Burka |
| 82 | 1777 | Scarab |
| 83 | 1807 | SpySender |
| 84 | 1966 | Fake FTP |
| 85 | 1969 | OpC BO |
| 86 | 1981 | Bowl, Shockrave |
| 87 | 1999 | Back Door, TransScout |
| 88 | 2000 | Der Spaher/Der Spaeher, Insane Network |
| 89 | 2001 | Der Spaher/Der Spaeher, Trojan Cow |
| 90 | 2023 | Ripper Pro |
| 91 | 2080 | WinHole |
| 92 | 2115 | Bugs |
| 93 | 2140 (UDP) | Deep Throat, Foreplay or Reduced Foreplay |
| 94 | 2155 | Illusion Mailer |
| 95 | 2255 | Nirvana |
| 96 | 2283 | HvI RAT |
| 97 | 2300 | Xplorer |
| 98 | 2339 (TCP/UDP) | Voice Spy—OBS!!! namnen har bytt plats |
| 99 | 2345 | Doly Trojan |
| 100 | 2565 | Striker trojan |
| 101 | 2583 | WinCrash |
| 102 | 2600 | Digital RootBeer |
| 103 | 2716 | The Prayer |
| 104 | 2773 | SubSeven, SubSeven 2.1 Gold |
| 105 | 2801 | Phineas Phucker |
| 106 | 2989 (UDP) | Remote Administration Tool—RAT |
| 107 | 3000 | Remote Shut |
| 108 | 3024 | WinCrash |
| 109 | 3128 | RingZero |
| 110 | 3129 | Masters Paradise |
| 111 | 3150 | The Invasor |
| 112 | 3150 (UDP) | Deep Throat, Foreplay or Reduced Foreplay |
| 113 | 3456 | Terror trojan |
| 114 | 3459 | Eclipse 2000, Sanctuary |
| 115 | 3700 | Portal of Doom—POD |
| 116 | 3791 | Total Solar Eclypse |
| 117 | 3801 | Total Solar Eclypse |
| 118 | 4000 | Skydance |
| 119 | 4092 | WinCrash |
| 120 | 4242 | Virtual Hacking Machine—VHM |
| 121 | 4321 | BoBo |
| 122 | 4444 | Prosiak, Swift Remote |
| 123 | 4567 | File Nail |
| 124 | 4590 | ICQ Trojan |
| 125 | 4950 | ICQ Trogen (Lm) |
| 126 | 5000 | Back Door Setup, Blazer5, Bubbel, ICKiller, Sockets des Troie |
| 127 | 5001 | Back Door Setup, Sockets des Troie |
| 128 | 5002 | Shaft, cdOOr |
| 129 | 5010 | Solo |
| 130 | 5011 | One of the Last Trojans—OOTLT |
| 131 | 5025 | WM Remote KeyLogger |
| 132 | 5031 | Net Metropolitan |
| 133 | 5032 | Net Metropolitan |
| 134 | 5321 | FileHotcker |
| 135 | 5343 | WCrat—WC Remote Administration Tool |
| 136 | 5400 | Back Construction, Blade Runner |
| 137 | 5401 | Back Construction, Blade Runner |
| 138 | 5402 | Back Construction, Blade Runner |
| 139 | 5512 | Illusion Mailer |
| 140 | 5550 | Xtcp |
| 141 | 5555 | ServeMe |
| 142 | 5556 | BO Facil |
| 143 | 5557 | BO Facil |
| 144 | 5569 | Robo-Hack |
| 145 | 5637 | PC Crasher |
| 146 | 5638 | PC Crasher |
| 147 | 5742 | WinCrash |
| 148 | 5760 | Portmap Remote Root Linux Exploit |
| 149 | 5882 (UDP) | Y3K RAT |
| 150 | 5888 | Y3K RAT |
| 151 | 6000 | The Thing |
| 152 | 6006 | Bad Blood |
| 153 | 6272 | Secret Service |
| 154 | 6400 | The Thing |
| 155 | 6666 | Dark Connection Inside, NetBus worm |
| 156 | 6667 | ScheduleAgent, Trinity, WinSatan |
| 157 | 6669 | Host Control, Vampire |
| 158 | 6670 | BackWeb Server, Deep Throat, Foreplay or Reduced Foreplay, WinNuke eXtreame |
| 159 | 6711 | BackDoor-G, SubSeven, VP Killer |
| 160 | 6712 | Funny trojan, SubSeven |
| 161 | 6713 | SubSeven |
| 162 | 6723 | Mstream |
| 163 | 6771 | Deep Throat, Foreplay or Reduced Foreplay |
| 164 | 6776 | 2000 Cracks, BackDoor-G, SubSeven, VP Killer |
| 165 | 6838 (UDP) | Mstream |
| 166 | 6883 | Delta Source Dark Star |
| 167 | 6912 | Shit Heep |
| 168 | 6939 | Indoctrination |
| 169 | 6969 | GateCrasher, IRC 3, Net Controller, Priority |
| 170 | 6970 | GateCrasher |
| 171 | 7000 | Exploit Translation Server, Kazimas, Remote Grab, SubSeven 2.1 Gold |
| 172 | 7001 | Freak8 |
| 173 | 7215 | SubSeven, SubSeven 2.1 Gold |
| 174 | 7300 | NetMonitor |
| 175 | 7301 | NetMonitor |
| 176 | 7306 | NetMonitor |
| 177 | 7307 | NetMonitor |
| 178 | 7308 | NetMonitor |
| 179 | 7424 (TCP/UDP) | Host Control |
| 180 | 7597 | Qaz |
| 181 | 7777 | Tini |
| 182 | 7789 | Back Door Setup, ICKiller |
| 183 | 7983 | Mstream |
| 184 | 8080 | Brown Orifice, RemoConChubo, RingZero |
| 185 | 8787 | Back Orifice 2000 |
| 186 | 8988 | BacHack |
| 187 | 8989 | Rcon,Recon,Xcon |
| 188 | 9000 | Netministrator |
| 189 | 9325 (UDP) | Mstream |
| 190 | 9400 | InCommand |
| 191 | 9872 | Portal of Doom—POD |
| 192 | 9873 | Portal of Doom—POD |
| 193 | 9874 | Portal of Doom—POD |
| 194 | 9875 | Portal of Doom—POD |
| 195 | 9876 | Cyber Attacker, Rux |
| 196 | 9878 | TransScout |
| 197 | 9989 | Ini-Killer |
| 198 | 9999 | The Prayer |
| 199 | 10067 (UDP) | Portal of Doom—POD |
| 200 | 10085 | Syphillis |
| 201 | 10086 | Syphillis |
| 202 | 10101 | BrainSpy |
| 203 | 10167 (UDP) | Portal of Doom—POD |
| 204 | 10520 | Acid Shivers |
| 205 | 10528 | Host Control |
| 206 | 10607 | Coma |
| 207 | 10666 (UDP) | Ambush |
| 208 | 11000 | Senna Spy Trojan Generator |
| 209 | 11050 | Host Control |
| 210 | 11051 | Host Control |
| 211 | 11223 | Progenic trojan, Secret Agent |
| 212 | 12076 | Gjamer |
| 213 | 12223 | Hack?99 KeyLogger |
| 214 | 12345 | cron/crontab, Fat Bitch trojan, GabanBus, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill |
| 215 | 12346 | Fat Bitch trojan, GabanBus, NetBus, X-bill |
| 216 | 12349 | BioNet |
| 217 | 12361 | Whack-a-mole |
| 218 | 12362 | Whack-a-mole |
| 219 | 12623 (UDP) | DUN Control |
| 220 | 12626 | ButtMan |
| 221 | 12631 | Whack Job |
| 222 | 12754 | Mstream |
| 223 | 13000 | Senna Spy Trojan Generator |
| 224 | 13010 | Hacker Brasil—HBR |
| 225 | 14500 | PC Invader |
| 226 | 15092 | Host Control |
| 227 | 15104 | Mstream |
| 228 | 15858 | CDK |
| 229 | 16484 | Mosucker |
| 230 | 16660 | Stacheldraht |
| 231 | 16772 | ICQ Revenge |
| 232 | 16969 | Priority |
| 233 | 17166 | Mosaic |
| 234 | 17300 | Kuang2 |
| 235 | 17449 | CrazzyNet |
| 236 | 17777 | Nephron |
| 237 | 18753 (UDP) | Shaft |
| 238 | 19864 | ICQ Revenge |
| 239 | 2000 | Millenium |
| 240 | 2001 | Millenium, Millenium (Lm) |
| 241 | 20001 | AcidkoR |
| 242 | 20023 | VP Killer |
| 243 | 20034 | NetBus 2.0 Pro, NetRex, Whack Job |
| 244 | 20203 | Chupacabra |
| 245 | 20331 | BLA trojan |
| 246 | 20432 | Shaft |
| 247 | 20433 (UDP) | Shaft |
| 248 | 21544 | GirlFriend, Kid Terror |
| 249 | 21554 | Exploiter, Kid Terror, Schwindler, WinspOOfer |
| 250 | 22222 | Donald Dick, Prosiak |
| 251 | 23005 | NetTrash |
| 252 | 23023 | Logged |
| 253 | 23032 | Amanda |
| 254 | 23432 | Asylum |
| 255 | 23456 | Evil FTP, Ugly FTP, Whack Job |
| 256 | 23476 (TCP/UDP) | Donald Dick |
| 257 | 23477 | Donald Dick |
| 258 | 26274 (UDP) | Delta Source |
| 259 | 26681 | Voice Spy—OBS!!! namnen har bytt plats |
| 260 | 27374 | Bad Blood, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8 |
| 261 | 27444 (UDP) | Trinoo |
| 262 | 27573 | SubSeven |
| 263 | 27665 | Trinoo |
| 264 | 29104 | NetTrojan |
| 265 | 29891 | The Unexplained |
| 266 | 30001 | ErrOr32 |
| 267 | 30003 | Lamers Death |
| 268 | 30029 | AOL trojan |
| 269 | 30100 | NetSphere |
| 270 | 30102 | NetSphere |
| 271 | 30103 (TCP/UDP) | NetSphere |
| 272 | 30133 | NetSphere |
| 273 | 30303 | Sockets des Troie |
| 274 | 30947 | Intruse |
| 275 | 30999 | Kuang2 |
| 276 | 31335 | Trinoo |
| 277 | 31336 | Bo Whack, Butt Funnel |
| 278 | 31337 | Back Fire, Back Orifice (Lm), Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron / crontab, Freak88, icmp_pipe.c, Sockdmini |
| 279 | 31337 (UDP) | Back Orifice, Deep BO |
| 280 | 31338 | Back Orifice, Butt Funnel, NetSpy (DK) |
| 281 | 31338 (UDP) | Deep BO |
| 282 | 31339 | NetSpy (DK) |
| 283 | 31666 | BOWhack |
| 284 | 31785 | Hack‘a’Tack |
| 285 | 31788 | Hack‘a’Tack |
| 286 | 31789 (UDP) | Hack‘a’Tack |
| 287 | 31790 | Hack‘a’Tack |
| 288 | 31791 (UDP) | Hack‘a’Tack |
| 289 | 32001 | Donald Dick |
| 290 | 32100 | Peanut Brittle, Project nEXT |
| 291 | 32418 | Acid Battery |
| 292 | 33270 | Trinity |
| 293 | 33333 | Blakharaz, Prosiak |
| 294 | 33577 | PsychWard |
| 295 | 33777 | PsychWard |
| 296 | 33911 | Spirit 2000, Spirit 2001 |
| 297 | 34324 | Big Gluck, TN |
| 298 | 34444 | Donald Dick |
| 299 | 34555 (UDP) | WinTrinoo |
| 300 | 35555 (UDP) | WinTrinoo |
| 301 | 37651 | Yet Another Trojan—YAT |
| 302 | 40412 | The Spy |
| 303 | 40421 | Agent 40421, Masters Paradise |
| 304 | 40422 | Masters Paradise |
| 305 | 40423 | Masters Paradise |
| 306 | 40426 | Masters Paradise |
| 307 | 41666 | Remote Boot Tool—RBT |
| 308 | 44444 | Prosiak |
| 309 | 47262 (UDP) | Delta Source |
| 310 | 50505 | Sockets des Troie |
| 311 | 50766 | Fore, Schwindler |
| 312 | 51966 | Cafeini |
| 313 | 52317 | Acid Battery 2000 |
| 314 | 53001 | Remote Windows Shutdown—RWS |
| 315 | 54283 | SubSeven, SubSeven 2.1 Gold |
| 316 | 54320 | Back Orifice |
| 317 | 54321 | Back Orifice, School Bus |
| 318 | 57341 | NetRaider |
| 319 | 58339 | Butt Funnel |
| 320 | 60000 | Deep Throat, Foreplay or Reduced Foreplay, Sockets des Troie |
| 321 | 60068 | Xzip 60068 |
| 322 | 60411 | Connection |
| 323 | 61438 | Bunker-Hill |
| 324 | 61466 | TeleCommando |
| 325 | 61603 | Bunker-Hill |
| 326 | 63485 | Bunker-Hill |
| 327 | 64101 | Taskman/Task Manager |
| 328 | 65000 | Devil, Sockets des Troie, Stacheldraht |
| 329 | 65432 (TCP/UDP) | The Traitor (= th3tr41tOr) |
| 330 | 65534 | /sbin/initd |
| 331 | 65535 | RC1 trojan |
EAN: 2147483647
Pages: 152