Re: ftp warez server snake ?

From: H Carvey (keydet89_at_yahoo.com)
Date: 12/08/04

Next message: Bob User: "Re: ftp warez server snake ?"

Previous message: Jez Han***: "Re: PHP injection attempt from 200.222.244.154"
Maybe in reply to: Andreas Putzo: "ftp warez server snake ?"
Next in thread: Bob User: "Re: ftp warez server snake ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 8 Dec 2004 14:02:32 -0000
To: incidents@securityfocus.com

('binary' encoding is not supported, stored as-is) In-Reply-To: <200412072214.18019.andreas@inferno.nadir.org>

>Anyone recognize this one?

Given how easy these things are to manipulate, it could be anything.

I know you said that you don't have physical access, but do you have remote admin access, or know someone who does? If so, could you get copies of the executable image files for these processes, perhaps any configuration files, dumps of process memory, etc? These would go a long way toward helping you figure out what this stuff is.

H. Carvey
http://www.windows-ir.com
http://windowsir.blogspot.com

Next message: Bob User: "Re: ftp warez server snake ?"

Previous message: Jez Han***: "Re: PHP injection attempt from 200.222.244.154"
Maybe in reply to: Andreas Putzo: "ftp warez server snake ?"
Next in thread: Bob User: "Re: ftp warez server snake ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]