Re: pubdestroyer2001.exe via anonymous FTP?

[Kevin Reardon <Kevin.Reardon () oracle com>]

Good note.  I found the same thing is possible in unix.  Try deleteing a
directory called $HOME.  However, you can just use the dos syntax in the note
rather then posix:
               rmdir \\.\c:\temp\com1
or substitute the c:\temp\com1 with the directory that offends you.  I just
tried it and it works quite well (both the mkdir and rmdir work).


---K

"Benninghoff, John" wrote:

> You can remove files like this using the POSIX subsystem.
>
> http://support.microsoft.com/support/kb/articles/Q120/7/16.asp
>
> -----Original Message-----
> From: Slivkoff, Michael M [mailto:michael.slivkoff () eds com]
> Sent: Thursday, September 27, 2001 1:49 PM
> To: 'incidents () securityfocus com'
> Subject: RE: pubdestroyer2001.exe via anonymous FTP?
>
> I had a problem like this.  I had an upload directory on anonymous ftp
> that
> was set write only.  Some wonderful person tagged it with a directory
> called
> com1.  Couldn't get rid of it for the life of me (win2k system).  I
> still
> have a write only anonymous upload directory, but I disabled directory
> create.  Anyone know how to get rid of a directory named with a
> system-reserved name? Other than deleting the drive.  And how would you
> create it in the first place?
>
> -----Original Message-----
> From: Patrick Andry [mailto:pandry () wolverinefreight ca]
> Sent: Thursday, September 27, 2001 12:47 PM
> To: Mike Shaw
> Cc: incidents () securityfocus com
> Subject: Re: pubdestroyer2001.exe via anonymous FTP?
>
> Mike Shaw wrote:
>
> > I'm working with someone who had unwittingly left an anonymous ftp
> > server available to the 'net with write access.
> >
> > The good news: nice mp3 and Divx collection.
> > The bad news: In the root there was a file named pubdestroyer2001.exe
> > that we had some trouble deleting.  There were many spaces at
> > the end of the file name.  We were able to nix it by deleting the 8.3
> > file name.
> >
> > Has anyone seen this before?  Anyone interested in a copy of the file?
> >
> > Thanks
> > -Mike
> ------------------------------------------------------------------------
> ----
>
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management and
> > tracking system please see: http://aris.securityfocus.com
>
> Undeletable files are a norm among warez sites.  Also hidden and/or
> undeletable directories are also a trademark.  There was a discussion
> here about it a few months back.  Essentially, it's a last ditch effort
> to prevent the sysadmin from cutting off the warez ftp.  Usually keeps
> the site going for a few minutes extra :)
>
> ------------------------------------------------------------------------
> ----
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
> ------------------------------------------------------------------------
> ----
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

Attachment: Kevin.Reardon.vcf
Description: Card for Kevin Reardon

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com