RE: Windows 2000 Server Attacks
From: "Mark Stunnenberg" <marksg () chello nl>
Date: Fri, 21 Feb 2003 08:53:44 +0100
What I know about this is that 'they' use a bug in IIS to get access to the
server. Most of the time they will install a Serv-U FTP server and make
hidden dirs that cannot be accessed directly by browsing through the
directories (dirs like "com1", "lpt1", among others).

The file msudb32.exe doesn't ring a bell to me though :(
From: Paul Stewart [mailto:pauls () nexicom net]
Sent: Thursday 20 February 2003 P 18:57
To: security-basics () securityfocus com
Subject: Windows 2000 Server Attacks
In the past week we've had a number of Windows 2000 servers
get hit by someone uploading warez into hidden directories.
Software seems to get installed that is trying to make
outbound connections via port 24. We are seeing a whack of
attempts to connect on various ports ranging between 20000 and 50000.
We have no idea how this person has managed to gain some form
of access to these servers and are obviously quite concerned.
The filename of the software that is responsible we believe
to be msudb32.exe
Does this ring a bell to anyone by chance? A google shows
only one response via newsgroups and no remedy.
Network Solutions Specialist
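
An added example, not part of the original thread: a Python check a responder could run over a recursive file listing taken from an affected server, flagging directories named after reserved DOS device names such as the "com1" and "lpt1" mentioned in the reply. The listing paths are constructed sample data, and the full reserved-name set plus the extension and trailing dot/space handling go beyond the two names given in the post.

```python
import re

# Win32 reserved device names (case-insensitive). The thread names only
# "com1" and "lpt1"; the rest of the set is added here.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)


def reserved_component(component):
    """True if one path component resolves to a DOS device name."""
    # Win32 drops trailing dots/spaces and ignores text after the first dot,
    # so "COM1.old" and "lpt1 " are treated like "COM1" and "lpt1".
    base = component.rstrip(" .").split(".", 1)[0].rstrip(" ")
    return bool(RESERVED.match(base))


def flag_paths(paths):
    """Return (path, offending_component) for each path with a reserved name."""
    hits = []
    for raw in paths:
        for part in re.split(r"[\\/]+", raw):
            if reserved_component(part):
                hits.append((raw, part))
                break  # one hit per path is enough for triage
    return hits


# Constructed sample listing (not taken from the servers in the thread).
SAMPLE_LISTING = [
    r"D:\Inetpub\wwwroot\index.htm",
    r"D:\Inetpub\wwwroot\_vti_cnf\com1\tagged\pub",
    r"D:\RECYCLER\lpt1 \pub\readme.nfo",
    r"D:\Inetpub\ftproot\COM1.old\file.bin",
    r"D:\Inetpub\ftproot\command\readme.txt",  # ordinary name, not reserved
    r"D:\Inetpub\ftproot\com10\x",             # only COM1-COM9 are reserved
]

if __name__ == "__main__":
    for path, part in flag_paths(SAMPLE_LISTING):
        print(f"reserved name {part!r} in {path}")
```
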