Jon Zobrist wrote: > The attacker attempted to deface our web pages by uploading index.html and > index.asp both of which include the crude english "fuck USA Government" and > the message "fuck PoinsonB0x", it also includes a contact email address of > sysadmincnat_private > I have cought an attempt to hack some of our webservers by the same guy/gang. They do not upload any files, they use a script that just simply uses the Unicode-hack to copy \WINNT\system32\cmd.exe to \inetpub\root.exe and then use root.exe to echo some text into the files default.htm and default.asp. The attack that i cought was comming from a compromised box in the USA. > I'm not sure if this warrants contacting the FBI or not, it appears clean up > will be reinstalling completely. Why bother? I don't think that the Chinese will give away any of their citizens to the USA. - Johan
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 19:21:34 PDT