Event ID - 58339

Port No: 58339
Service Name: BUTT
RFC Doc: 0
Protocol: TCP
Description: The source for this plug-in has been published to the Public Domain, so several versions may come out. It requires that Back Orifice be installed prior to activation.
Reference Link: BUTT
Attack Details:

Butt Trumpet is a DLL plug-in for Back Orifice (BO). It is launched whenever BO is launched. Once running, it checks whether it has already run successfully and sent an email message in the past (by checking the HKLM/SOFTWARE/NinjaSoft/BT/RunSuccess registry key, for those that care). If Butt Trumpet has successfully sent a message in the past, it quits. If not, it attempts to connect to a pre-determined SMTP server (set by the system invader). If Butt Trumpet has problems connecting to this SMTP server, it enters "Sleep Mode" for 5 minutes and then tries again. This cycle repeats until Back Orifice and Butt Trumpet are told to stop (shutdown/reboot) or until Butt Trumpet has connected to the SMTP server, at which point it writes to the above registry key so that multiple messages are not sent.
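
A defender-side host check for the two indicators this entry names, the registry marker and TCP port 58339, as an added example that is not part of the original entry. The function name is hypothetical; the WOW6432Node path is an assumption covering 32-bit registry redirection on 64-bit Windows, and RunSuccess is tested as both a subkey and a value because the entry does not say which it is.

```powershell
# Added example. Function name is hypothetical; registry path and port come from the entry.
function Test-ButtTrumpetIndicator {
    [CmdletBinding()]
    param([int]$Port = 58339)

    # Assumption: a 32-bit plug-in on 64-bit Windows writes under WOW6432Node,
    # so both registry views are checked.
    $parents = 'HKLM:\SOFTWARE\NinjaSoft\BT',
               'HKLM:\SOFTWARE\WOW6432Node\NinjaSoft\BT'

    foreach ($parent in $parents) {
        if (-not (Test-Path -LiteralPath $parent)) { continue }

        # The entry calls RunSuccess a "key"; test it as a subkey and as a value.
        $isSubkey = Test-Path -LiteralPath "$parent\RunSuccess"
        $props    = Get-ItemProperty -LiteralPath $parent -ErrorAction SilentlyContinue
        $isValue  = ($null -ne $props) -and
                    ($props.PSObject.Properties.Name -contains 'RunSuccess')

        [pscustomobject]@{
            Indicator = 'Registry'
            Location  = $parent
            Detail    = "RunSuccess present as subkey=$isSubkey, value=$isValue"
        }
    }

    # 58339 lies inside the default Windows dynamic port range (49152-65535), so an
    # ordinary outbound connection can borrow it; only a listening socket is reported.
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    foreach ($sock in $listeners) {
        $proc = Get-Process -Id $sock.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Indicator = 'Listener'
            Location  = "$($sock.LocalAddress):$($sock.LocalPort)"
            Detail    = "PID $($sock.OwningProcess) $($proc.Path)"
        }
    }
}

# No output means neither indicator was found on this host.
Test-ButtTrumpetIndicator | Format-Table -AutoSize
```

A registry hit with RunSuccess present means, per the description above, that the plug-in has already connected to its SMTP server.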
