Re: Can anyone identify this backdoor?

From: David Jacoby (djat_private)
Date: Thu Jul 11 2002 - 04:05:02 PDT

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.28] UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation and deletion vulnerabilities"

Previous message: Matthew Murphy: "Exploit: TL003/Dot Bug = Reading Non-Parsable Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My BAD! :/

iis.dll is a cfg file for the Serv-U daemon, it shows usage information.
NetworkEter.dll is used to change processID and portnumer and stuff.
iisl.dll is just the welcome message for the FTPserver!


Some of this kind of backdoors is used when scriptkiddie hackers
try to make a DUMP (warez) site on a fast connection. They will
hack a site, and then run this.


David Jacoby
Outpost24
www.outpost24.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.28] UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation and deletion vulnerabilities"
Previous message: Matthew Murphy: "Exploit: TL003/Dot Bug = Reading Non-Parsable Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 15:37:13 PDT