Check for the existence of http://remote/scripts/tools/newdsn.exe QUOTE: Newdsn.exe can be used by an a attacker to create files anywhere on your disk if they have the NTFS correct file permissions to do so. Newdsn.exe can also be used to overwrite the DSNs on existing on-line databases making the information contained in the database inaccessible. This file, getdrvrs.exe, dsnform.exe and mkilog.exe should be deleted or renamed unless there is a strong reason not to do so. In that case, ensure that only Administrators may access them. -----Original Message----- From: CSIRT.WS [mailto:csirtat_private] Sent: Tuesday, September 11, 2001 4:14 PM To: incidentsat_private Cc: vuln-devat_private Subject: Evil samples from Microsoft We are seeing several IIS servers with the following DSN: Evil samples from Microsoft The Access Database it points to (e:\mydirtytricks.mdb) doesn’t exist, but want to be sure. Does anyone know if they are related to a virus? Hack attempt? CSIRT _____________________________________________________________ CSIRT.WS (Computer Security Incident Response Team - World Site)
This archive was generated by hypermail 2b30 : Wed Sep 12 2001 - 08:37:20 PDT