Home page logo

basics logo Security Basics mailing list archives

RE: Windows 2000 Server Attacks
From: "Mark Stunnenberg" <marksg () chello nl>
Date: Fri, 21 Feb 2003 08:53:44 +0100

What I know about this, is that 'they' use a bug in IIS to get access on the
server. Most of the time they will install a serv-u ftp server. And  make
hidden dirs that cannot be accessed directly by browsing through the
directories (dirs like "com1", "lpt1" a.o.)

The file msudb32.exe doesn't ring a bell to me though :(

-----Original Message-----
From: Paul Stewart [mailto:pauls () nexicom net] 
Sent: donderdag 20 februari 2003 P 18:57
To: security-basics () securityfocus com
Subject: Windows 2000 Server Attacks

Hi there..

In the past week we've had a number of Windows 2000 servers 
get hit by someone uploading warez into hidden directories.  
Software seems to get installed that is trying to make 
outbound connections via port 24.  We are seeing a whack of 
attempts to connect on various ports ranging between 20000 and 50000.

We have no idea how this person has managed to gain some form 
of access to these servers and are obviously quite concerned. 
 The filename of the software that is responsible we believe 
to be msudb32.exe

Does this ring a bell to anyone by chance?  A google shows 
only one response via newsgroups and no remedy.


Paul Stewart
Network Solutions Specialist
Nexicom Inc.
(705)932-4127 Office
(705)932-2329 Fax 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]