Security Incidents mailing list archives
RE: Possible System Compromise
From: "Willsey, Rob (CCI-Omaha)" <Rob.Willsey () cox com>
Date: Tue, 9 Jul 2002 17:37:52 -0400
With the file sizes being different I wouldn't say a zip or rar file. Those usually have the same file size through the majority of it. My guess would be speed tests of some sort.

-----Original Message-----
From: Mike Hrubes [mailto:MHrubes () wizmo com]
Sent: Tuesday, July 09, 2002 3:29 PM
To: David Baker; incidents () securityfocus com
Subject: RE: Possible System Compromise

Perhaps a .rar or a zipped file of some sort? Seems familiar to me as well...I've seen it before. That's all the clues I have for you....

-----Original Message-----
From: David Baker [mailto:bakerd () mitre org]
Sent: Tuesday, July 09, 2002 1:58 PM
To: incidents () securityfocus com
Subject: Possible System Compromise

All,

I have a person that contacted me after some strange files appeared in the root directory of his Windows XP box. This person is remote from me, and I don't have a lot to go on right now, but there are about 30 files that appeared in the root directory:

S3no    23KB
S3no.1  7KB
S3no.2  4KB
S3no.3  23KB
S3no.4  472KB
S3no.5  23KB
S3no.6  7KB
S3no.7  4KB
S3no.8  23KB
S3no.9  472KB
S3no.a  23KB
S3no.b  7KB
S3no.c  4KB
S3no.d  23KB
S3no.e  472KB
S3no.f  23KB
S3no.g  7KB
S3no.h  4KB
S3no.i  23KB
S3no.j  472KB
S3no.k  23KB
S3no.l  7KB
S3no.m  4KB
S3no.n  23KB
S3no.o  472KB
S3no.p  23KB
S3no.q  7KB
S3no.r  4KB
S3no.s  23KB
S3no.t  472KB

This sounds familiar to me, but I cannot seem to find anything in my archives about this one. I also couldn't find anything relevant with a couple of searches. Does anyone have a cluebat they can smack me with?

The pattern of file sizes is constant. All the files have the same date/time 6/16/2002 at 6:42pm

Thanks in advance.

Dave B.

--
------------------------------------------------------------
David W. Baker    bakerd () mitre org
Lead INFOSEC Engineer    G023 - Secure Information Technology
(703) 883-3658    The MITRE Corporation
(703) 883-4589 (F)    Mailstop W435
7515 Colshire Drive    McLean, VA, 22102
------------------------------------------------------------
"Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding..."
- William Gibson, "Neuromancer"

"640K ought to be enough for anybody."
- Bill Gates, 1981
-------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
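As an added illustration, not part of any message in this thread: a short Python script that runs the posted listing through the two checks discussed above, whether the sizes fit a split zip/rar set and whether they repeat in a fixed cycle. The function names and the split-archive heuristic (every volume the same size except possibly the last) are assumptions made for this example.

```python
import re

# File listing copied from the original post (sizes as shown, rounded to KB).
LISTING = """
S3no 23KB   S3no.1 7KB  S3no.2 4KB  S3no.3 23KB  S3no.4 472KB
S3no.5 23KB S3no.6 7KB  S3no.7 4KB  S3no.8 23KB  S3no.9 472KB
S3no.a 23KB S3no.b 7KB  S3no.c 4KB  S3no.d 23KB  S3no.e 472KB
S3no.f 23KB S3no.g 7KB  S3no.h 4KB  S3no.i 23KB  S3no.j 472KB
S3no.k 23KB S3no.l 7KB  S3no.m 4KB  S3no.n 23KB  S3no.o 472KB
S3no.p 23KB S3no.q 7KB  S3no.r 4KB  S3no.s 23KB  S3no.t 472KB
"""

def parse_listing(text):
    """Return [(name, size_kb), ...] in listing order."""
    return [(n, int(s)) for n, s in re.findall(r"(\S+)\s+(\d+)KB", text)]

def smallest_period(sizes):
    """Smallest p with sizes[i] == sizes[i - p] for all i >= p (len(sizes) if none)."""
    for p in range(1, len(sizes)):
        if all(sizes[i] == sizes[i - p] for i in range(p, len(sizes))):
            return p
    return len(sizes)

def looks_like_split_archive(sizes):
    """Heuristic (assumption): split volumes share one size; only the last may be smaller."""
    if len(sizes) < 2:
        return False
    body, last = sizes[:-1], sizes[-1]
    return len(set(body)) == 1 and last <= body[0]

def triage(text):
    files = parse_listing(text)
    sizes = [s for _, s in files]
    p = smallest_period(sizes)
    # Files at the same position in the cycle share a displayed size; these
    # are the sets to hash against each other to confirm identical content.
    groups = [[n for n, _ in files[k::p]] for k in range(p)]
    return {
        "count": len(files),
        "split_archive": looks_like_split_archive(sizes),
        "period": p,
        "cycle_kb": sizes[:p],
        "full_cycles": len(sizes) // p,
        "groups": groups,
    }

if __name__ == "__main__":
    for key, value in triage(LISTING).items():
        print(f"{key}: {value}")
```

Matching sizes in KB only suggest duplicate content; hashing the files within each group on the affected machine is what would confirm it.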
Current thread:
- Possible System Compromise David Baker (Jul 09)
- Re: Possible System Compromise H C (Jul 09)
- <Possible follow-ups>
- RE: Possible System Compromise Mike Hrubes (Jul 09)
- RE: Possible System Compromise Willsey, Rob (CCI-Omaha) (Jul 09)