RE: ASPXSPY

["Jared C. Henry" <jared.henry () heartlandsig com>]

I know. The developers are the ones keeping us from going forward. They state they don't have time for the migration 
and do not understand the problems behind keeping the 2000 box. Everyone seems to be clueless all the way up the chain. 
Thank you for your reply.

Jared



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Reza Ambler
Sent: Thursday, October 02, 2008 11:47 AM
Cc: security-basics () securityfocus com
Subject: Re: ASPXSPY

Jared,
I think your best bet is going to be getting off Windows 2000 ASAP. If you can't afford to go to Windows 2003 or 2008 
then you can use MONO for your ASP run time on a linux variant.

----- "Jared C. Henry" <jared.henry () heartlandsig com> wrote:

> Hey Everyone,
> I had a quick question. I was looking at one of my servers awhile ago
> and discovered an aspx file called "kk.aspx". After looking at the
> code
> it was quickly determined that it was a rootkit. After launching the
> page from the web and discovering it's capabilities I started to get
> sick at my stomach. Has anyone had any type of experience with this?
> I
> deleted the files. The server is running server 2000. Is there any
> type
> of recent exploits that would allow this that you know of?
>
> Thanks,
> Jared