Re: exploited win2k box, not quite sure how:

From: Mike Lewinski (mikeat_private)
Date: Mon May 20 2002 - 12:13:32 PDT


    > It's definitely been broken into. PC-cillin has picked up a few nimda
    > files, and there is a directory c:\tAGGEd with various subdirectories
    > under it, and an unopenable file C:\TaGGed By Ca$e.
    
    Sounds like a run-of-the-mill exploited anonymous FTP server to me. You got
    a world-writeable C: drive as ftproot? That will cause problems.... Use 'dir
    /x' to get MS-DOS 8.3 filenames, then you can use any other standard DOS
    commands to examine/remove it. Probably full of pirated software and movies.
    Check your FTP logs.
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
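
One way to act on the "check your FTP logs" advice above, added here as an example that is not part of the original message: a small parser that lists successful write operations made in anonymous FTP sessions. The field set (`time c-ip cs-method cs-uri-stem sc-status`), the `[session]` prefix on the method column, and the operation names in `WRITE_OPS` are assumptions about how the FTP service logs; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in W3C extended layout (assumed field set and op names).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
12:01:10 192.0.2.10 [1]USER anonymous 331
12:01:11 192.0.2.10 [1]PASS guest@example.com 230
12:01:15 192.0.2.10 [1]MKD tagged 257
12:01:20 192.0.2.10 [1]created /tagged/file1.bin 226
12:05:00 198.51.100.7 [2]USER backup 331
12:05:01 198.51.100.7 [2]PASS - 230
12:05:09 198.51.100.7 [2]created /reports/may.zip 226
12:09:30 203.0.113.4 [3]USER anonymous 331
12:09:31 203.0.113.4 [3]PASS a@b 230
12:09:40 203.0.113.4 [3]sent /pub/readme.txt 226
"""

# Assumed names for upload, append, mkdir and rename entries in the method column.
WRITE_OPS = {"created", "STOR", "APPE", "MKD", "RNTO"}
METHOD_RE = re.compile(r"^\[(\d+)\](\S+)$")  # "[session-id]operation"

def anonymous_writes(log_text):
    """Return {client_ip: [(time, op, path), ...]} for successful (2xx) writes
    in sessions whose USER command was 'anonymous' or 'ftp'."""
    fields, user, hits = [], {}, defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order comes from the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not parts or len(parts) != len(fields):
            continue                       # other directives, blank or malformed lines
        row = dict(zip(fields, parts))
        m = METHOD_RE.match(row.get("cs-method", ""))
        if not m:
            continue
        ip, op, arg = row.get("c-ip", "-"), m.group(2), row.get("cs-uri-stem", "-")
        key = (ip, m.group(1))             # one login per (client, session id)
        if op.upper() == "USER":
            user[key] = arg.lower()
        elif (op in WRITE_OPS and row.get("sc-status", "").startswith("2")
              and user.get(key) in ("anonymous", "ftp")):
            hits[ip].append((row.get("time", "-"), op, arg))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in anonymous_writes(SAMPLE_LOG).items():
        print(ip, events)
```
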
    



    This archive was generated by hypermail 2b30 : Mon May 20 2002 - 18:22:10 PDT