Trojans are malicious code that can do a lot of damage if they slip into our system. To understand why they are called Trojans, we need to recall the Trojan horse. As you know, the Greeks could not get past the blockade of the city of Troy, so to get in they devised a wooden horse that looked completely harmless. They gave it to the Trojans as a gift, and the Trojans, seeing no danger in it, brought it into their city. The horse was full of soldiers who, at night, while the Trojans slept, came out and opened the city gates, which spelled doom for the people of Troy.
Programs carrying Trojans work the same way. They are little programs, normal in appearance and very cute, but part of their code does not do what we believe the program does. Instead it extracts data from our system, opens ports so that it can be accessed from outside, and so on.
How to detect the symptoms?
Some symptoms in our system can alert us that we have a Trojan, for example:
- The router or hard disk behaves abnormally: they seem to be very busy even though we are not doing anything.
- Everything freezes constantly.
- The mouse moves jerkily and at times does not respond.
- Programs close or open unexpectedly.
What to do to fight them?
The best thing is to have a good firewall. There are free ones that work very well. The important thing is to block the ports that Trojans use to send information out or to get in from outside. If we install the firewall after we have already been infected, it will ask us for confirmation every time the system wants to send information out or let it in through suspicious ports.
Above all, do not open executable files sent to us by e-mail unless they are trustworthy, especially those that arrive as spam.
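One way to check a machine for listeners on the kind of ports this page associates with Trojans, as an added example that is not part of the original post: the script parses constructed `netstat -ano` output and flags local listening ports found in a small watchlist of port/name pairs copied from this page. The function name, the sample output and its PIDs are assumptions made for the illustration.

```python
"""Added example: flag local listeners whose port is on a watchlist."""

# (protocol, port) -> name, a few pairs copied from this page's port list.
WATCHLIST = {
    ("TCP", 12345): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("TCP", 54320): "Back Orifice 2000",
    ("UDP", 31337): "Back Orifice",
    ("UDP", 27444): "Trinoo",
}

# Constructed sample in the layout of Windows `netstat -ano` (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.7:27374      ESTABLISHED     4016
  TCP    [::]:54320             [::]:0                 LISTENING       2288
  UDP    0.0.0.0:31337          *:*                                    3120
  UDP    127.0.0.1:1900         *:*                                    1044
"""


def suspicious_listeners(netstat_text, watchlist=WATCHLIST):
    """Return one dict per local listening socket whose port is watched."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; only LISTENING sockets accept
        # connections from outside. UDP rows have no state: all are bound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port_text = local.rpartition(":")
        if not port_text.isdigit():
            continue
        name = watchlist.get((proto, int(port_text)))
        if name is None:
            continue
        pid = int(fields[-1]) if fields[-1].isdigit() else None  # no -o flag
        hits.append({
            "proto": proto, "port": int(port_text), "addr": addr,
            "pid": pid, "name": name,
            # Bound to every interface, so reachable from the network.
            "all_interfaces": addr in ("0.0.0.0", "[::]"),
        })
    return hits


if __name__ == "__main__":
    for hit in suspicious_listeners(SAMPLE_NETSTAT):
        print("{proto} {addr}:{port} pid={pid} matches {name}".format(**hit))
```

A match is only a lead: look up which program owns the PID before concluding anything, because ordinary software can listen on the same port numbers.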
Here is the list of Trojans and the ports they use.