Windows 2000 Server Attacks
From: "Paul Stewart" <pauls () nexicom net>
Date: Thu, 20 Feb 2003 12:57:13 -0500

In the past week we've had a number of Windows 2000 servers get hit by
someone uploading warez into hidden directories. Software seems to get
installed that is trying to make outbound connections via port 24. We
are seeing a whack of attempts to connect on various ports ranging
between 20000 and 50000.

We have no idea how this person has managed to gain some form of access
to these servers and are obviously quite concerned. The filename of the
software that is responsible we believe to be msudb32.exe.

Does this ring a bell to anyone by chance? A Google shows only one
response via newsgroups and no remedy.

Network Solutions Specialist