Simple Unix backdoor that can remotely add a predefined entry into the host's passwd file

Risk Level: High

Check or Attack Name: BackdoorPbbser

Platforms: Unix
Description:

A simple Unix-based backdoor written by "PBBSER" offers only limited, non-robust functionality: it can either add a UID 0 account to the host's passwd file or display a predefined message to all users on the system. By default this backdoor is configured to listen on TCP port 505 and accept commands from an attacker who knows how to use the backdoor.

Remedy:

If a host is found to have this backdoor installed, immediately remove the host from your networks and assume that the host (and possibly other hosts) is completely compromised.
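A triage check for the two indicators described above, a listener on TCP port 505 and an extra UID 0 entry in the passwd file. This is an added example, not part of the original entry: the function names and sample data are constructed, the account name "sysadm" is a placeholder rather than the backdoor's actual predefined entry, and the /proc/net/tcp layout assumes a Linux host.

```python
BACKDOOR_PORT = 505   # default listener port stated in this entry
TCP_LISTEN = "0A"     # LISTEN state code in /proc/net/tcp (Linux assumption)

# Constructed sample data, not captured from a real host.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sysadm::0:0::/:/bin/sh
"""
SAMPLE_TCP = """  sl  local_address rem_address   st
   0: 00000000:01F9 00000000:0000 0A
   1: 0100007F:0016 00000000:0000 0A
   2: 0100007F:0050 0100007F:C350 01
"""

def uid0_accounts(passwd_text):
    """Return login names whose UID field is 0, in file order."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 7:
            continue              # comment, blank or malformed line
        try:
            if int(fields[2]) == 0:
                names.append(fields[0])
        except ValueError:
            continue              # non-numeric UID, e.g. an NIS "+" entry
    return names

def unexpected_uid0(passwd_text, allowed=("root",)):
    """UID 0 accounts that are not on the allow list."""
    return [n for n in uid0_accounts(passwd_text) if n not in allowed]

def listening_ports(proc_net_tcp_text):
    """Return the set of TCP ports in LISTEN state."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == TCP_LISTEN:
            # local_address is HEXIP:HEXPORT
            ports.add(int(cols[1].rsplit(":", 1)[1], 16))
    return ports

if __name__ == "__main__":
    with open("/etc/passwd") as f:
        print("unexpected UID 0 accounts:", unexpected_uid0(f.read()))
    with open("/proc/net/tcp") as f:
        print("port 505 listening:", BACKDOOR_PORT in listening_ports(f.read()))
```

Port 505 is only the default, so a clean port result does not clear a host; an unexpected UID 0 account should be treated as a finding on its own.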

References:
