Re: Win2k hack attempt

["Blake R. Swopes" <bhodi () BIGFOOT COM>]

Looks like they were trying to use some IIS exploit to create a copy of your
command interpreter and then pass commands to the copy, defacing your web
site. Kashmir has been a theme in a lot of mass defacements lately, and
looks like israel/palestine is on the rise.

Was your web site defaced or the cmd1.exe file created?
  -----Original Message-----
  From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf
Of Guy Geva
  Sent: Saturday, December 30, 2000 2:53 AM
  To: INCIDENTS () SECURITYFOCUS COM
  Subject: Win2k hack attempt


  Hi list,

  Please give your opinion its a bit wierd...
  Hacking attempt on my win2k server, please try to tell me what is wrong
with my
  system what is the hacking method taken ? and any other useful information
will be great.
  I patched myself with all the patches available.

  the log is attached.