mailing list archives
Re: what next
From: Justin <winopride () gmail com>
Date: Tue, 06 Feb 2007 08:18:30 -0700
nemanja.janic () centroproizvod co yu wrote:
i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place.
i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no
extension) which contained the following lines:
open 18.104.22.168 14547
user 1 1
open 22.214.171.124 5191
user 1 1
I figure this is some script to be used with ftp, or at least i think so.
I did tracert to those adresses, but that's where i'm stuck. What can i do next?
And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size.
Thanx in advance.
http://www.greatis.com/appdata/d/m/mstls.exe.htm -- Trojan/Backdoor
The file is an FTP script to StnyFtpd (for the ip address: 126.96.36.199).