Security Incidents: Re: Q328691 ?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Q328691 ?

From: H C <keydet89 () yahoo com>
Date: Sat, 7 Sep 2002 04:27:08 -0700 (PDT)

It appears that (one
of - there might be more) infection vectors is
brute-force attack on
administrator account, using few very simple
passwords (and few account names).



My analysis of the "russiantopz" IRC bot was
predicated by the primary file being dumped onto an
IIS5.0 server.  Seems the admins had the mistaken
notions that (a) The Windows Updates included the
patch for directory transversal, and (b) leaving
default permissions and groups in place was just fine.

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Re: Q328691 ?, (continued)
- Re: SV: Q328691 ? H C (Sep 09)
- Re: Q328691 ? Bernt Lervik (Sep 09)
  - RE: Q328691 ? Jason Coombs (Sep 09)
- Re: Q328691 ? Bronek Kozicki (Sep 09)
  - Re: Q328691 ? H C (Sep 09)
- Re: SV: Q328691 ? jennifer smith (Sep 09)
  - Re: SV: Q328691 ? H C (Sep 09)
- RE: Q328691 ? Byrne, David (Sep 10)
- Re: Q328691 ? Kyle Lai (Sep 11)