Hi,

I think that this file is a copy of cmd.exe. The methodology used by kids to deface NT web sites is to use the unicode exploit to make a copy of cmd.exe in the scripts directory or another executable directory before defacing the site. So even if you patch the unicode bug, they can continue defacing your site.

Regards

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTSat_private] On Behalf Of Ovanes Manucharyan
Sent: Friday, 20 April 2001 09:39
To: INCIDENTSat_private
Subject: shell.exe

Anyone know what this program does? Is there such a backdoor? It was found on a hacked Windows NT machine.

Ovanes
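A defender's check for the situation described in the reply above, as an added example that is not part of the original thread: it flags any file under a web-executable directory that is byte-identical to a reference copy of the command interpreter, whatever it has been renamed to. The directory names and file contents in `demo()` are constructed stand-ins, and the function names are hypothetical; a copy taken from a different Windows build will not match, so supply a reference binary for each build in use.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    # Only reference binaries and size-matched candidates are ever read.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def find_interpreter_copies(reference_files, scan_roots):
    """Return sorted (suspect, reference) pairs for byte-identical copies, any name."""
    refs = {(os.path.getsize(r), sha256_of(r)): r for r in reference_files}
    sizes = {size for size, _ in refs}
    hits = []
    for root in scan_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(path)
                    if size not in sizes:  # cheap pre-filter before hashing
                        continue
                    ref = refs.get((size, sha256_of(path)))
                except OSError:
                    continue  # unreadable or vanished file: keep scanning
                if ref and os.path.realpath(path) != os.path.realpath(ref):
                    hits.append((path, ref))
    return sorted(hits)


def demo():
    """Scan a constructed tree: a stand-in cmd.exe, a renamed copy, and a script."""
    with tempfile.TemporaryDirectory() as top:
        system32 = os.path.join(top, "system32")
        scripts = os.path.join(top, "inetpub", "scripts")
        os.makedirs(system32)
        os.makedirs(scripts)
        payload = b"MZ" + b"constructed stand-in for cmd.exe" * 64
        for path, data in [(os.path.join(system32, "cmd.exe"), payload),
                           (os.path.join(scripts, "shell.exe"), payload),
                           (os.path.join(scripts, "hello.asp"), b"<% %>")]:
            with open(path, "wb") as f:
                f.write(data)
        hits = find_interpreter_copies([os.path.join(system32, "cmd.exe")], [scripts])
        return [os.path.relpath(p, top).replace(os.sep, "/") for p, _ in hits]

if __name__ == "__main__":
    print(demo())
```

A hit in a web-executable directory means the copy survives patching of the original bug and has to be removed separately.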
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 08:44:36 PDT