NetDefend IPS
IPS Advisories
NetDefend
Anti-Virus
Anti-Virus Advisories
NetDefend Web Content Filtering
NetDefend IP Reputation
NetDefend Update Center
IPS History
Sep 10, 2018
Sep 06, 2018
Sep 03, 2018
Aug 26, 2018
Aug 17, 2018
Anti-Virus History
Sep 06, 2018
Sep 03, 2018
Aug 31, 2018
Aug 30, 2018
Aug 17, 2018







Home > NetDefend Live > NetDefend IPS Service
NetDefend IPS Service
Print
Advisory ID
2013
Name
DeepThroat backdoor for Windows
IPS Signature
Maintenance IPS Signature
IPS Group
FROM / INT / ATTACK / RESPONSES
Issued
Oct 08, 1998
Description
Deep throat leaves port 6670 tcp open so that people can use tcp scanners to find infected victims, this port serves no other purpose.
There is a Global Master Password backdoor in all the servers: v 2.0 - whothefuckdoyouthinkiamgoddamnit2v 2.1 - whothefuckdoyouthinkiamgoddamnit1v 3.* - whothefuckdoyouthinkiamgoddamnit3

DeepThroat (versions 1, 2 and 3):
DeepThroat version 1 only works on Windows 95 and 98 machines, but versions 2 and 3 will run on Windows NT.
DeepThroat is a backdoor that operates on UDP port 2140. All three versions that are currently released use the same protocol: DeepThroat sends a UDP packet with a 2 byte command code, and the server sends back a response. For a 'ping' packet, the UDP packet's data is "00".
Affected Application
Microsoft Corporation: Windows 95, 98, NT Any version
Solution
1. Using Regedit, find the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
2. Identify the DeepThroat registry entry. The entry could have one of two names:
SystemDLL32 (for DeepThroat version 1.0)
Systemtray (for DeepThroat version 2.0 or 3.0)
3. Stop the DeepThroat program from running. This process is different based on the version of Windows you are running.
- Windows 95/98: Restart the computer in MS-DOS mode. Proceed to step 4.
- Windows NT: Press CTRL+ALT+DEL, then click the Task Manager button to start the NT Task Manager. Click the Processes tab, and search the list for the file you identified in step 2. Select the file, and click End Process.
4. Delete the DeepThroat program file that you identified in step 2.
- Windows 95/98: From the DOS command prompt, delete the file from the path named in the registry value.
- Windows NT: Delete the file from the path named in the registry value.
5. Using Regedit, delete the registry entry you identified in step 2.
Refferences
http://xforce.iss.net/xforce/xfdb/2290
http://www.justkiwi.com/tairua/antitrojan/trojans/Deepthroat%201.0.htm
http://www.justkiwi.com/tairua/antitrojan/trojans/Deepthroat%202.0.htm
http://www.justkiwi.com/tairua/antitrojan/trojans/Deepthroat%202.1.htm
http://www.justkiwi.com/tairua/antitrojan/trojans/Deepthroat%203.0.htm
http://www.justkiwi.com/tairua/antitrojan/trojans/Deepthroat%203.1%20securer.htm
http://www.glocksoft.com/trojan_list/Deep_Throat.htm
http://www.simovits.com/trojans/tr_data/y832.html
http://xforce.iss.net/xforce/alerts/id/advise30
Enter your details in the box below to receive an email each time we post a new issue of our newsletter.







Jun 21, 2019