Re: Can anyone identify this backdoor?

From: David Jacoby (djat_private)
Date: Thu Jul 11 2002 - 04:05:02 PDT

Next message: shawn merdinger: "Re: Can anyone identify this backdoor?"

Previous message: Graham, Randy (RAW) : "RE: Code Red and other anomalous activity from 1433"
Maybe in reply to: Matt Andreko: "Can anyone identify this backdoor?"
Next in thread: shawn merdinger: "Re: Can anyone identify this backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My BAD! :/

iis.dll is a cfg file for the Serv-U daemon, it shows usage information.
NetworkEter.dll is used to change processID and portnumer and stuff.
iisl.dll is just the welcome message for the FTPserver!


Some of this kind of backdoors is used when scriptkiddie hackers
try to make a DUMP (warez) site on a fast connection. They will
hack a site, and then run this.


David Jacoby
Outpost24
www.outpost24.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: shawn merdinger: "Re: Can anyone identify this backdoor?"
Previous message: Graham, Randy (RAW) : "RE: Code Red and other anomalous activity from 1433"
Maybe in reply to: Matt Andreko: "Can anyone identify this backdoor?"
Next in thread: shawn merdinger: "Re: Can anyone identify this backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 15:37:09 PDT