GEN:SID 1:118
Message BACKDOOR SatansBackdoor.2.0.Beta
Summary Satans Backdoor is a Trojan Horse capable of stealing passwords. This
event is generated when an infected machine replies to the attackers
connection attempt.
Impact Possible theft of data and passwords.
Detailed Information This Trojan affects the following operating systems:

    Windows 95
    Windows 98
    Windows ME
    Windows NT
    Windows 2000
    
The Trojan server always communcates via port 666 and cannot be changed
by the attacker. The server portion itself is named winvmm32.exe, this
also cannot be changed. The main purpose of this Trojan is password
stealing thus presenting the attacker with access to other machines and
possible further compromise of data.
Affected Systems  
Attack Scenarios This Trojan may be delivered to the target in a number of ways. This
event is indicative of an existing infection being activated. Initial
compromise can be in the form of a Win32 installation program that may
use the extension ".jpg" or ".bmp" when delivered via e-mail for
example.
Ease of Attack This is Trojan activity, the target machine may already be compromised.
Updated virus definition files are essential in detecting this Trojan.

The Trojan server is located called winvmm32.exe.
Corrective Action Delete the file winvmm32.exe.

Kill the process winvmm32.exe.
Additional References Whitehats arachNIDS
http://www.whitehats.com/info/IDS316
Rule References arachnids: 316