Full Disclosure mailing list archives
RE: KIT.GED
From: "Tiago Halm" <thalm () void my-bulldog com>
Date: Fri, 17 Dec 2004 23:00:16 -0000
Use IISShield to prevent scenarios like the one you've described.
http://www.kodeit.org/products/iisshield/default.htm

Tiago Halm
KodeIT Development Team
http://www.kodeit.org

-----Original Message-----
From: full-disclosure-bounces () lists netsys com [mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Raoul Nakhmanson-Kulish
Sent: Friday, 17 December 2004 8:33
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] KIT.GED

Hello, all!

On one of our IIS servers (W2K fully patched, IIS Lockdown tool is installed) I have found in WWW root directory a file named KIT.GED and having size 834552 bytes. This is a RAR-packed self-executable containing these files:

01.03.2004  18:16      10240  caclsENG.exe
18.01.2004  19:33      53760  carun.dll
24.06.2004  00:58       8609  carun.ocx
19.02.2004  01:15        498  change.txt
24.06.2004  00:59      11780  chkdrv.vxd
24.06.2004  01:06      24646  install.cmd
01.03.2004  16:33        356  logoff.txt
01.03.2004  16:32       1234  logon.txt
16.03.2004  02:34       5119  settimedate.exe
23.06.2004  23:02     800256  tskman.exe

Seems that this is a backdoor kit. Fortunately, it wasn't installed on this webserver and on any server in our network. But how can somebody put this file in WWW root? What should we do to prevent it in the future?

Of course, I'll send this file or any listed above if required.

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd., ERP Department
http://www.elforsoft.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---
[This E-mail has been scanned for viruses but it is your responsibility to maintain up to date anti virus software on the device that you are currently using to read this email.]
Current thread:
- KIT.GED Raoul Nakhmanson-Kulish (Dec 17)
- Re: KIT.GED GuidoZ (Dec 22)
- RE: KIT.GED Tiago Halm (Dec 23)