Re: Backdoor Trojan IRC

From: r0adh0g (roadhog_at_nospam.phreaker.net)
Date: 07/23/03


Date: Wed, 23 Jul 2003 09:31:15 -0400


Than you for the information!

rh

"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:eH7pHVGUDHA.3192@tk2msftngp13.phx.gbl...
> Worms by definition spread on their own, usually without any human
> intervention. You should *first* look up the exact name of that
particular
> worm in the virus encyclopedia on the web site of whatever antivirus
program
> you're using to find out how it spreads, what vulnerabilities and/or
TCP/IP
> ports it uses and what else you may need to do to stop it from spreading.
> Sometimes you need a patch.
>
> However, if you have this one vulnerability, you probably have others, and
> you should close them all, not just this one. Here's how:
>
> How to tell how you are being compromised:
> http://securityadmin.info/faq.htm#hacked
>
> How to remove vulnerabilities from your computer:
> http://securityadmin.info/faq.htm#re-secure [consider this if you have
been
> hacked]
> http://securityadmin.info/faq.htm#harden
>
> You probably don't have a firewall. You need one. A firewall [or
sniffer]
> would also help you see who is doing what. There are free ones:
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#sniffer
>
> There may be some log files somewhere recording this activity, but which
log
> to inspect depends on which vulnerability is being exploited. So, looking
> up how this worm spreads may help you faster. Some vulnerabilities like
IIS
> buffer overflows don't get logged at all.
> http://securityadmin.info/faq.htm#iislogs2
> http://securityadmin.info/faq.htm#iislogs
>
> "r0adh0g" <roadhog@nospam.phreaker.net> wrote in message
> news:#i0iUJGUDHA.2260@TK2MSFTNGP12.phx.gbl...
> > Could anyone tell me how someone keeps putting this virus on my web
> server?
> > I am using Windows 2000 Server SP3, IIS with FTP and Web service, Front
> Page
> > Extensions.
> > Is there anyway to veiw a log of how/who is doing this?
> >
> > rh
> >
> >
>
>