Security Basics mailing list archives
RE: Windows 2000 Server Attacks
From: "Mark Stunnenberg" <marksg () chello nl>
Date: Fri, 21 Feb 2003 08:53:44 +0100
What I know about this, is that 'they' use a bug in IIS to get access on the server. Most of the time they will install a serv-u ftp server. And make hidden dirs that cannot be accessed directly by browsing through the directories (dirs like "com1", "lpt1" a.o.) The file msudb32.exe doesn't ring a bell to me though :(
-----Original Message----- From: Paul Stewart [mailto:pauls () nexicom net] Sent: donderdag 20 februari 2003 P 18:57 To: security-basics () securityfocus com Subject: Windows 2000 Server Attacks Hi there.. In the past week we've had a number of Windows 2000 servers get hit by someone uploading warez into hidden directories. Software seems to get installed that is trying to make outbound connections via port 24. We are seeing a whack of attempts to connect on various ports ranging between 20000 and 50000. We have no idea how this person has managed to gain some form of access to these servers and are obviously quite concerned. The filename of the software that is responsible we believe to be msudb32.exe Does this ring a bell to anyone by chance? A google shows only one response via newsgroups and no remedy. Thanks, --- Paul Stewart Network Solutions Specialist Nexicom Inc. http://www.nexicom.net/ (705)932-4127 Office (705)932-2329 Fax
Current thread:
- RE: Windows 2000 Server Attacks Mark Stunnenberg (Feb 22)
- <Possible follow-ups>
- re: Windows 2000 Server Attacks H C (Feb 22)