I got this from snort.org. It's over a month old (released on Nov 14th), but thought it might be worth posting anyway for those of you who might be as behind as I am.

The latest versions of libpcap and tcpdump available from tcpdump.org contain trojan code that connects to on TCP port 1963.
I'm sure this went out on bugtraq but I haven't kept up there lately.