I saw a Win2000 machine rooted just last week by an autorooter taking advantage of the pre-10pack rollup Microsoft put out just recently. It was hacked through a Unicode attack by an auto-rooter from Russia, connected to an ftp site in Moscow and downloaded a file named "lb.exe", which, when run, connects to an IRC server in Moscow, loads an auto-rooter with a list of servers to attack, and hides the processes from netstat, Program Manager, etc. It was pretty slick.

Cody Hatch
HALO Network Security

>
> > I haven't seen any type of Windows 'rootkit' myself.
> > For example a replacement of netstat, nbtstat,
> > route, and other utilities to give process
> > information etc...
> >
> > If anyone knows of any let me know I'm interested.
> > Of course the problem with getting Windows
> > source is an issue.
>
> Older versions of Hoglund's NTRootkit are available
> here:
> http://www.megasecurity.org/Tools/Nt_rootkit_all.html
>
> The 'newest' version I've been able to find is here:
> http://www.ntndis.com/downloads.shtml
>
> click on "Windows NT Rootkit Source".
>
> Not sure how that applies to my original question, but
> there it is...
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu May 02 2002 - 14:58:46 PDT