Re: Backdoor Trojan IRC

From: r0adh0g (roadhog_at_nospam.phreaker.net)
Date: 07/23/03


Date: Wed, 23 Jul 2003 09:31:15 -0400


Thank you for the information!

rh

"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:eH7pHVGUDHA.3192@tk2msftngp13.phx.gbl...
> Worms by definition spread on their own, usually without any human
> intervention. You should *first* look up the exact name of that particular
> worm in the virus encyclopedia on the web site of whatever antivirus program
> you're using to find out how it spreads, what vulnerabilities and/or TCP/IP
> ports it uses and what else you may need to do to stop it from spreading.
> Sometimes you need a patch.
>
> However, if you have this one vulnerability, you probably have others, and
> you should close them all, not just this one. Here's how:
>
> How to tell how you are being compromised:
> http://securityadmin.info/faq.htm#hacked
>
> How to remove vulnerabilities from your computer:
> http://securityadmin.info/faq.htm#re-secure [consider this if you have been
> hacked]
> http://securityadmin.info/faq.htm#harden
>
> You probably don't have a firewall. You need one. A firewall [or sniffer]
> would also help you see who is doing what. There are free ones:
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#sniffer
>
> There may be some log files somewhere recording this activity, but which log
> to inspect depends on which vulnerability is being exploited. So, looking
> up how this worm spreads may help you faster. Some vulnerabilities like IIS
> buffer overflows don't get logged at all.
> http://securityadmin.info/faq.htm#iislogs2
> http://securityadmin.info/faq.htm#iislogs
>
> "r0adh0g" <roadhog@nospam.phreaker.net> wrote in message
> news:#i0iUJGUDHA.2260@TK2MSFTNGP12.phx.gbl...
> > Could anyone tell me how someone keeps putting this virus on my web server?
> > I am using Windows 2000 Server SP3, IIS with FTP and Web service, Front Page
> > Extensions.
> > Is there any way to view a log of how/who is doing this?
> >
> > rh
> >
> >
>
>


