> RickMerrill<firstname.lastname@example.org> writes:
>> I've see this in the wild - has anyone else?
> Can you say more why it's believed to be a trojan?
> If they're unix boxes, it may simply be an X11 server. How big a
> problem it is for that to be listening (it can be a very big deal)
> depends on the configuration.
But the first reference I found (a few days ago) seems
to have disappeared: it ID'd a certain country as the perp.
There may be legit applications that use the port, but ...