RE: pubdestroyer2001.exe via anonymous FTP?

From: Slivkoff, Michael M (michael.slivkoffat_private)
Date: Thu Sep 27 2001 - 11:48:53 PDT


    I had a problem like this.  I had an upload directory on anonymous ftp that
    was set write only.  Some wonderful person tagged it with a directory called
    com1.  Couldn't get rid of it for the life of me (win2k system).  I still
    have a write only anonymous upload directory, but I disabled directory
    create.  Anyone know how to get rid of a directory named with a
    system-reserved name? Other than deleting the drive.  And how would you
    create it in the first place?
    
    -----Original Message-----
    From: Patrick Andry [mailto:pandryat_private]
    Sent: Thursday, September 27, 2001 12:47 PM
    To: Mike Shaw
    Cc: incidentsat_private
    Subject: Re: pubdestroyer2001.exe via anonymous FTP?
    
    
    Mike Shaw wrote:
    
    > I'm working with someone who had unwittingly left an anonymous ftp 
    > server available to the 'net with write access.
    >
    > The good news: nice mp3 and Divx collection.
    > The bad news: In the root there was a file named pubdestroyer2001.exe 
    > that we had some trouble deleting.  There were many spaces at
    > the end of the file name.  We were able to nix it by deleting the 8.3 
    > file name.
    >
    > Has anyone seen this before?  Anyone interested in a copy of the file?
    >
    > Thanks
    > -Mike
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management and 
    > tracking system please see: http://aris.securityfocus.com
    
    Undeletable files are a norm among warez sites.  Also hidden and/or 
    undeletable directories are also a trademark.  There was a discussion 
    here about it a few months back.  Essentially, it's a last ditch effort 
    to prevent the sysadmin from cutting off the warez ftp.  Usually keeps 
    the site going for a few minutes extra :)
    
    
    
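Added example, not part of the thread or written by its participants: a Python audit of an upload directory listing that flags the two kinds of name discussed above (a reserved device name such as com1, and a name ending in spaces) and builds a removal command using the `\\?\` path prefix, which Windows passes to the file system without Win32 name normalization. The directory path and the listing are constructed sample values, and the function names are hypothetical.

```python
from pathlib import PureWindowsPath

# DOS device names the Win32 layer reserves in every directory.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

def win32_name_problem(name):
    """Return why Win32 tools mishandle this name, or None if it is ordinary."""
    if name != name.rstrip(" ."):
        return "trailing space or dot"  # stripped by Win32 path normalization
    # The device check ignores any extension: "com1.txt" still means COM1.
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    return "reserved device name" if stem in RESERVED else None

def extended_path(directory, name):
    r"""Build a \\?\ path; it must be absolute and use backslashes only."""
    base = str(PureWindowsPath(directory)).rstrip("\\")
    return "\\\\?\\" + base + "\\" + name

def audit(directory, listing):
    """listing: (name, is_dir) pairs. Returns (name, reason, command) findings."""
    findings = []
    for name, is_dir in listing:
        reason = win32_name_problem(name)
        if reason:
            verb = "rd /s" if is_dir else "del"
            cmd = f'{verb} "{extended_path(directory, name)}"'
            findings.append((name, reason, cmd))
    return findings

# Constructed sample: hypothetical upload directory and its contents.
SAMPLE_DIR = r"C:\inetpub\ftproot\upload"
SAMPLE_LISTING = [("com1", True), ("pubdestroyer2001.exe   ", False),
                  ("readme.txt", False), ("nul.mp3", False)]

if __name__ == "__main__":
    for name, reason, cmd in audit(SAMPLE_DIR, SAMPLE_LISTING):
        print(f"{name!r}: {reason}\n    {cmd}")
```

The printed commands are meant for cmd.exe on the affected host; review each one before running it, since `rd /s` removes the directory and everything under it.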
    



    This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 13:09:34 PDT