I have the contents of a hacked site by the Chinese and would be willing to post it (zip file about 2 M) or send via email to anyone interested. The files contain killusa.zip and the 1i0n tarball containing all the nasties.

Darrin Wassom
Technical Specialist
Internet Architecture
616.735.8417
wassomdat_private

>>> "McCammon, Keith" <Keith.McCammonat_private> 05/02/01 01:53PM >>>

Just judging by the submissions to this list, as well as security and administrative newsgroups I'd say that the ol' IIS Unicode attack is out in force. It's one of the easiest (which the children like), fastest (the children are impatient), and most effective (unlike some exploits, it doesn't require that a lot of conditions exist...other than a lazy admin). The most embarrassing part, as usual, is that it takes about 30 seconds to correct.

I've also been noticing a large number of anonymous FTP checks in the last two days.

MTC

-----Original Message-----
From: Meritt James [mailto:meritt_jamesat_private]
Sent: Wednesday, May 02, 2001 12:26 PM
To: INCIDENTSat_private
Subject: What "methods" are being used

A variety of web defacements reportedly originating with the Chinese are being reported. Anyone know what method(s) are being used? This may be an indication of the number of discrete attackers (may not, but gotta make a guess. Spoofed and bounced IPs are pretty much useless.)

Thanks!

V/R

James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566
This archive was generated by hypermail 2b30 : Wed May 02 2001 - 12:12:38 PDT