Re: Win2k machine hacked with Serv-U FTP etc
- From: "Karl Levinson" <levinson_k@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 May 2006 23:48:32 -0400
Possible, but doubtful. More likely his computer was attacked from the
outside, and he did not have a firewall enabled, and also may have been
missing some security patches.
This is relatively common, and usually the people doing such FTP tagging /
pubstro hacks have little interest in looking at anything on the computer.
The purpose is to use the bandwidth and disk space of the computer to serve
up illicit and possibly commercially valuable files such as ripped DVD
movies, games, pornography, software, etc. Usually, old and well-known
remote network vulnerabilities are exploited to gain access. Google for the
terms FTP tagging and/or pubstro if you want more information about motive.
Wikipedia probably has a good article on the subject. [It is entirely
possible that other attackers also accessed and used the computer for
different purposes, but the purposes are most often financial.]
I agree that unless you already know what to do in response, a format and
reinstall is probably the easiest response, although be sure a firewall is
enabled before putting it onto the Internet, and that the next step is to
download all service packs and patches from Microsoft, rebooting several
times to get all the patches.
Watching your monthly credit card statements for unexpected activity is
always a good idea, hacking or no.
"JM" <jm@xxxxxxxxx> wrote in message
news:iBEeg.33352$YI5.17217@xxxxxxxxxxxxxxxxxxxxxxxxx
more info:
Evidently, he made a newbie decision: he told me he "might have" clicked on
the app shortcut on the desktop, because he remembers a bunch of icons
appearing on the desktop for a few seconds and then disappearing.
Did he execute a destructive program?
"JM" <jm@xxxxxxxxx> wrote in message
news:kuEeg.33351$YI5.19631@xxxxxxxxxxxxxxxxxxxxxxxxx
My father's Win2k machine has been hacked. Saturday he called me in achecking
panic, and when I got to his house I could see why. There were windows
opened all over his desktop (I will upload screenshots to my web server if
it will help), a command window starting the Serv-U FTP service and
ipconfig settings, a web browser opened to his router with a service started
on port 333, a shortcut to an app, and the 2000 services and computer
management window.
I'm not familiar enough with 2000 to know how to investigate exactly what
happened. What I'm more interested in is where to go from here. My gut
tells me to immediately back up all his important files, reformat, reinstall,
and set him up with improved security measures. I also think a call to his
cc companies is in order, as well as changing all passwords to all his
accounts, websites, etc.
What was the hacker's main purpose?
Please advise me in other ways. I'm not interested in finding fault with
how he had things set up, other than to learn from his mistakes. While
not a computer expert, he's not a newbie either.