Re: Security issue with MS Exchange and Windows 2003 Server

From: Darrin S (cast_at_real)
Date: 11/29/05


Date: Mon, 28 Nov 2005 21:06:19 -0800

Read this, paying close attention to the last paragraph on page 1.
http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html

"ITTester" <ITTester@discussions.microsoft.com> wrote in message
news:E5B8AC36-6F3D-47A1-A685-A279E956D88C@microsoft.com...
> Thanks Darrin for your suggestion, but hackdef is not spyware but a
> trojan/backdoor virus. The intention of the creator of hackdef is to detect
> and defend against any attempt to remove the hack tools. The virus will be
> activated when you attempt to patch the server; the virus will temporarily
> delete, hide and replace some registry entries and Windows files so you will
> not be able to use or reboot when you attempt to remove it. Files such as
> cmd.exe, net.exe, spool.exe, ... are replaced.
>
> "Darrin S" wrote:
>
>> Spy Sweeper's new version scans for rootkits, and they have an enterprise
>> version that is also available as a fully functional trial version.
>> http://www.webroot.com/?rc=2180&ac=785&wt.srch=1&wt.mc_id=785
>>
>>
>>
>>
>> "ITTester" <ITTester@discussions.microsoft.com> wrote in message
>> news:820A8F04-BA76-40CD-B07F-718CAB32B830@microsoft.com...
>> > I have posted this message on the Exchange newsgroup but it seems that
>> > nobody is able to help me, so I post it again in this newsgroup hoping
>> > someone can help me.
>> >
>> > Can anyone help me with the below points?
>> >
>> > General overview of the problem:
>> > We have a single Exchange Server running on a DC and AD server.
>> > During the past month, our server was infected with hackdef, which opened
>> > a backdoor on our firewall (Cisco PIX 506e) and to our networks.
>> > However, we have patched the security hole by remote (ssh) on the firewall
>> > and we are able to partially secure the network.
>> > We have rebuilt the DC and AD server using the promote and demote method -
>> > we have successfully added the second DC to our network but have not yet
>> > promoted this box to be the primary DC, as we are not sure about the
>> > mailbox moving.
>> > We have successfully configured a second mail server ready for the moving
>> > of mailboxes.
>> > We have mounted the new mail server offline and updated all security
>> > patches (Windows Server SP1 and Exchange SP2).
>> > We temporarily use a different antivirus which is not controlled by the
>> > DC, for safety reasons.
>> > We have successfully tested the moving of a single mailbox.
>> > It seems that everything is ready for the final move.
>> > However, we are concerned about the below points:
>> >
>> > 1. Can hackdef or its variants infect the new mail servers by moving the
>> > mailboxes?
>> > 2. Can data in the moved mailboxes infect the new server? We have one
>> > user's mailbox which is infected by a virus/trojan.
>> >
>> > Do we need to rebuild from scratch if the above points are not safe?
>> > We can't perform an antivirus scan on the Exchange DB before the move, as
>> > the DB will be corrupted, so it's not useful.
>> > Please advise if there is any other alternative for this matter.
>> >
>> > Regards,
>> >
>> >
>>
>>
>>
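An added example, not code from this thread or from any poster in it: an offline baseline-hash check for the kind of file replacement ITTester describes (cmd.exe, net.exe and other system binaries swapped out). The watched file list, the sample file contents and the simulated tampering are all constructed for the demo; a real baseline would be computed from clean install media at the same OS and service-pack level, and the check run with the suspect disk mounted from a clean boot, since a rootkit that hooks the file APIs can hand a checker running on the live system the original bytes while the on-disk copy differs.

```python
"""Offline integrity check of system binaries against a known-good baseline.

Added example; not code from the original thread. File names and contents
below are constructed sample data.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumed watch list (hypothetical; a real list would cover all of system32).
WATCHED = ["cmd.exe", "net.exe", "spoolsv.exe"]


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, names) -> dict:
    """Record the hash of each watched file from a known-clean tree."""
    return {name: sha256_of(root / name) for name in names}


def check_against_baseline(root: Path, baseline: dict) -> dict:
    """Compare a suspect tree with the baseline.

    Returns four sorted lists: files whose hash matches, files whose hash
    differs (replaced or patched), files the baseline expects but which are
    gone, and files present on disk that the baseline never listed.
    """
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, good_hash in baseline.items():
        path = root / name
        if not path.is_file():
            result["missing"].append(name)
        elif sha256_of(path) != good_hash:
            result["modified"].append(name)
        else:
            result["ok"].append(name)
    # Anything on disk the baseline does not know about is worth a look:
    # dropped tools and loaders show up here.
    for path in root.iterdir():
        if path.is_file() and path.name not in baseline:
            result["unexpected"].append(path.name)
    for key in result:
        result[key].sort()
    return result


def demo() -> dict:
    """Build a clean tree, baseline it, tamper with it, and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        clean.mkdir()
        for name in WATCHED:
            # Constructed stand-ins for real binaries.
            (clean / name).write_bytes(b"MZ clean " + name.encode())
        baseline = build_baseline(clean, WATCHED)

        # Simulate what the post describes: cmd.exe replaced, net.exe gone,
        # plus an extra (constructed) file dropped into the directory.
        (clean / "cmd.exe").write_bytes(b"MZ trojaned cmd.exe")
        (clean / "net.exe").unlink()
        (clean / "dropped.dll").write_bytes(b"MZ dropped")
        return check_against_baseline(clean, baseline)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:10s} {names}")
```

The baseline itself has to be stored somewhere the compromised host cannot reach (removable media or a separate clean machine); a baseline file sitting on the infected disk is as suspect as the binaries it describes.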


