Bugtraq mailing list archives

All versions of windows infected?

From: Iamhatingit () aol com
Date: Fri, 06 Sep 2002 17:55:21 -0400

I have been doing research on one of the latest problems with all microsoft products but with little success. it 
appears that someone or some system is infecting and rooting all types of windows boxes.  no one really knows how or by 
what method this is bieng done by.  But virus and worm have been rulled out.  here is more information on the matter if 
you dont allready have it.
http://www.techtv.com/news/security/story/0,24195,3398556,00.html
but my question is i have found one of the files in my system
in zipeed files that have not been updated in 6 months 
the file name is WS_ftp and here is the source
hope some of this helps..

[Ipswitch]
HOST=ftp.ipswitch.com
UID=anonymous

[WS_FTP Pro Patches]
HOST=ftp.ipswitch.com
UID=anonymous
DIR=/Ipswitch/Product_Support/WS_FTP_Pro

[WS_FTP16]
HOST=ftp1.ipswitch.com
UID=anonymous
DIR=/pub/win3

[WS_FTP32]
HOST=ftp1.ipswitch.com
UID=anonymous
DIR=/pub/win32

[UK Winsock Archive]
HOST=ftp.demon.co.uk
UID=anonymous
DIR=/pub/ibmpc/winsock/apps

[WinQVT/Net]
HOST=biochemistry.cwru.edu
UID=anonymous

[Trumpet Winsock DLL]
HOST=ftp.trumpet.com.au
UID=anonymous
DIR=/ftp/pub/winsock

[Trumpet News Reader]
HOST=ftp.trumpet.com.au
UID=anonymous
DIR=/ftp/pub/wintrump

[AOL]
HOST=ftp.aol.com
UID=anonymous
DIR=/waol/WindowsBeta

[X500]
HOST=naic.nasa.gov
UID=anonymous
DIR=/software/windows-dua

[WSGopher]
HOST=dewey.tis.inel.gov
UID=anonymous
DIR=/pub/wsgopher

[Games]
HOST=ftp.uwp.edu
UID=anonymous
DIR=/pub/msdos/games

[CICA WinSock Files]
HOST=ftp.cica.indiana.edu
UID=anonymous
DIR=/pub/pc/win3/winsock

[QWS3270]
HOST=ftp.ccs.queensu.ca
UID=anonymous
DIR=/pub/msdos/tcpip

[CELLO]
HOST=ftp.law.cornell.edu
UID=anonymous
DIR=/pub/LII/Cello

[Eudora]
HOST=ftp.qualcomm.com
UID=anonymous
DIR=/quest/windows/eudora

[Finger]
HOST=sparky.umd.edu
UID=anonymous
DIR=/pub/winsock

[SunSite UNC]
HOST=sunsite.unc.edu
UID=anonymous
DIR=/pub/micro/pc-stuff/ms-windows/winsock

[SPRY-app2sock]
HOST=ftp.spry.com
UID=anonymous
DIR=/vendor/spry

[WinVN]
HOST=ftp.ksc.nasa.gov
UID=anonymous
DIR=/pub/winvn

[Mosaic]
HOST=ftp.NCSA.uiuc.edu
UID=anonymous
DIR=/Web/Mosaic/Windows

[OS2 Files]
HOST=FTP-OS2.NMSU.EDU
UID=anonymous

[Microsoft]
HOST=ftp.microsoft.com
UID=anonymous

[OAK Archives]
HOST=oak.oakland.edu
UID=anonymous
DIR=/pub/msdos/lan

[_config_]
SESSION=ftp.angelfire.com
VIEWER=notepad
AUTOSTART=1
MAILADDR=guest@unknown

[WSArchie]
HOST=ftp.demon.co.uk
UID=anonymous
DIR=/pub/ibmpc/winsock/apps/wsarchie

[ftp.angelfire.com]
HOST=ftp.angelfire.com
UID=/sk2/smokeyssite
PWD=V35E4EE1F1B2CA24E66927D01C293C577966675AB3D73A5
DIR=/pub/win32
PASVMODE=0
TIMEOFFSET=0

Current thread:

All versions of windows infected? Iamhatingit (Sep 06)
- Re: All versions of windows infected? Walter Hop (Sep 07)
- Re: All versions of windows infected? Axel Pettinger (Sep 07)