Re: windows 2000 professional hacked with Serv-U FTP Server
From: frank (fbedolla@cotopaxi.com.mx)
Date: 11/27/02
- Next message: Karl Levinson [x y] mvp: "Re: Restrict FTP access to certain IP addresses"
- Previous message: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- In reply to: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Next in thread: Andrew: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "frank" <fbedolla@cotopaxi.com.mx> Date: Wed, 27 Nov 2002 08:24:06 -0600
its related with de OS2 support and its used as a trojan
the trojan is NTHack
steals and snd your passwords to the hacker, so he can access with full
privileges
-- Regards Francisco Bedolla Ramirez (Work) Mexico DF W2K AS SP3 -- "Tony" <tony.wong@sbcglobal.net> escribió en el mensaje news:U7%E9.4637$nD7.254904599@newssvr13.news.prodigy.com... > Hmm, I have to check. What are these? > "frank" <fbedolla@cotopaxi.com.mx> wrote in message > news:#Y5SarVlCHA.1748@tkmsftngp07... > > just one question > > did you have os2ss.exe and os2svr.exe running in your task manager? > > > > -- > > > > Regards > > > > Francisco Bedolla Ramirez > > (Work) > > Mexico DF > > W2K AS SP3 > > "Tony" <tony.wong@sbcglobal.net> escribió en el mensaje > > news:y1CE9.298$hh1.21681209@newssvr21.news.prodigy.com... > > > ports 137-139 are blocked at the border router. It was running sp2. > Norton > > > Antivirus Corporate edition was running. Administrator did have a pretty > > > strong password. > > > > > > I dont know how they uploaded this trojab and started a server Serv-U > Ftp > > > Server listening on a high port 7000 or something like that > > > > > > Also All files uploaded was hidden under "My Pictures" > > > > > > Serveral accounts were created and were in the local admin group > > > > > > > > > > > > "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message > > > news:3de2184f.1199174@news.easynews.com... > > > > >This machine was not running IIS. how did they get in? auditing was > > > turned > > > > >off so no security info. > > > > > > > > Is your firewall blocking ports 137-139? Are you using strong > > > > passwords? Have you *now* truned on auditing so you can see future > > > > attacks? After having reformatted and reinstalled to eliminate the > > > > trojans/back doors/etc.? > > > > > > > > Jeff > > > > > > > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.422 / Virus Database: 237 - Release Date: 20/11/2002 > > > > > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.423 / Virus Database: 238 - Release Date: 25/11/2002
- Next message: Karl Levinson [x y] mvp: "Re: Restrict FTP access to certain IP addresses"
- Previous message: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- In reply to: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Next in thread: Andrew: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
