exploited win2k box, not quite sure how:

From: John Jasen (jjasen1at_private)
Date: Fri May 17 2002 - 18:05:29 PDT


    Got a weird one here.
    Win2k server, SP2
    IIS 5.0
    SQL server 7
    ipswitch imail 6.x
    It's definitely been broken into. PC-cillin has picked up a few Nimda
    files, and there is a directory c:\tAGGEd with various subdirectories
    under it, and an unopenable file C:\TaGGed By Ca$e.
    I'm working on getting a disk image up for perusal, but that might take a
    few days.
    Anybody seen this yet? Searching securityfocus, McAfee, Google, and a few
    other places has come up dry.
    -- John E. Jasen (jjasen1at_private)
    -- User Error #2361: Please insert coffee and try again.