Re: Firedaemon Application
From: Chris Stoermer (stoermer@NOSPAM.unt.edu)
Date: 07/26/02
- Next message: Marina Roos: "Re: How to access multiple domains inWin2K"
- Previous message: Pete Grazaitis: "IISLockd Undo without Logs or a reinstall without logs?"
- In reply to: jclaudias Claudias: "Firedaemon Application"
- Next in thread: no worries: "Firedaemon Application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Chris Stoermer <stoermer@NOSPAM.unt.edu> Date: Fri, 26 Jul 2002 13:22:59 -0700
Howdy!
This is a common piece of an exploit called Movie World. Usually, the
exploit is carried out under the winnt\vm32 or winnt\config directory.
It loads a simple IRC bot, ftp bot, and maybe a program to snoop around
for other "weak" machines. Look for zipped or rar'd movies on the
exploited machines.
In all cases, we had the machine rebuilt and required the user to change
passwords.
--Chris
"jclaudias Claudias" <jclaudias@ssw.umaryland.edu> wrote in
news:16ca01c234a8$36cb2bf0$37ef2ecf@TKMSFTNGXA13:
> Hey there,
>
> does anyone know what firedaemon is and how to remove it
> from a w2k server. Somehow it just showed up on one of my
> servers. I read that it allows u to install apps as
> services. Do u think it may be a hacker.
>
>
> John
- Next message: Marina Roos: "Re: How to access multiple domains inWin2K"
- Previous message: Pete Grazaitis: "IISLockd Undo without Logs or a reinstall without logs?"
- In reply to: jclaudias Claudias: "Firedaemon Application"
- Next in thread: no worries: "Firedaemon Application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
