An NT/2K machine that has been compromised with the "root.exe" could be made to send this message to another box (or to itself), using a fairly straightforward url in a browser: http://[host]/scripts/root.exe?/net+send+localhost+hello+dave I believe something along those lines will do it. - Corey Snipes Programmer, XOR Inc. > -----Original Message----- > From: raymond simon [mailto:desperate_straightsat_private] > Sent: Tuesday, February 05, 2002 1:55 PM > To: incidentsat_private > Subject: We Are Past Your Firewall... > > > A friend of a friend sent a screenprint of a popup he > received when connecting to a network share. The text > reads (Sanitized): > Messenger Service > Message from MACHINE1 to MACHINE2 at TIME > We are past your firewall and can see you are on as > your administrator. Are you concerned? > > (I would be) > > Anyone recognize this? > > __________________________________________________ > Do You Yahoo!? > Send FREE Valentine eCards with Yahoo! Greetings! > http://greetings.yahoo.com > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 14:00:46 PST