Security Basics mailing list archives
Re: ASPXSPY
From: "Artyom El Sandro" <shipzdik () gmail com>
Date: Sun, 5 Oct 2008 23:11:04 +0300
Hey, Review the code in your application. One possibility is to exploit bugs in some script which allows to upload files on the server. Just deleting the shell won't help you much. Greets On Fri, Oct 3, 2008 at 4:09 PM, Jared C. Henry <jared.henry () heartlandsig com> wrote:
I know. The developers are the ones keeping us from going forward. They state they don't have time for the migration and do not understand the problems behind keeping the 2000 box. Everyone seems to be clueless all the way up the chain. Thank you for your reply. Jared -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Reza Ambler Sent: Thursday, October 02, 2008 11:47 AM Cc: security-basics () securityfocus com Subject: Re: ASPXSPY Jared, I think your best bet is going to be getting off Windows 2000 ASAP. If you can't afford to go to Windows 2003 or 2008 then you can use MONO for your ASP run time on a linux variant. ----- "Jared C. Henry" <jared.henry () heartlandsig com> wrote:Hey Everyone, I had a quick question. I was looking at one of my servers awhile ago and discovered an aspx file called "kk.aspx". After looking at the code it was quickly determined that it was a rootkit. After launching the page from the web and discovering it's capabilities I started to get sick at my stomach. Has anyone had any type of experience with this? I deleted the files. The server is running server 2000. Is there any type of recent exploits that would allow this that you know of? Thanks, Jared
Current thread:
- ASPXSPY Jared C. Henry (Oct 02)
- Re: ASPXSPY Reza Ambler (Oct 02)
- RE: ASPXSPY Jared C. Henry (Oct 03)
- Re: ASPXSPY Artyom El Sandro (Oct 06)
- RE: ASPXSPY Jared C. Henry (Oct 03)
- Re: ASPXSPY Adriel Desautels (Oct 06)
- Re: ASPXSPY Reza Ambler (Oct 02)