Home page logo
/

basics logo Security Basics mailing list archives

Windows 2000 Server Attacks
From: "Paul Stewart" <pauls () nexicom net>
Date: Thu, 20 Feb 2003 12:57:13 -0500

Hi there..

In the past week we've had a number of Windows 2000 servers get hit by
someone uploading warez into hidden directories.  Software seems to get
installed that is trying to make outbound connections via port 24.  We
are seeing a whack of attempts to connect on various ports ranging
between 20000 and 50000.

We have no idea how this person has managed to gain some form of access
to these servers and are obviously quite concerned.  The filename of the
software that is responsible we believe to be msudb32.exe

Does this ring a bell to anyone by chance?  A google shows only one
response via newsgroups and no remedy.

Thanks,

---
Paul Stewart
Network Solutions Specialist
Nexicom Inc.
http://www.nexicom.net/
(705)932-4127 Office
(705)932-2329 Fax 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]