Security Incidents mailing list archives

RE: Upload of "pipes.scr" attempted to NetBus "honeypot"


From: "Talley, Brooks" <brooks () frnk com>
Date: Tue, 5 Jun 2001 10:27:05 -0700

pipes.scr is the 3D Pipes screensaver on Windows NT/2000.  It's a very
commonly used screensaver, so my guess is that whatever is doing the
uploading, it's sending a trojaned version of the pipes screensaver.
Perhaps that screensaver itself is what's doing the scanning and
attempted uploads.

It would be handy if you could extend your NetBus simulator to accept
the upload and capture the presumably trojaned pipes.scr.

Cheers
-Brooks


-----Original Message-----
From: Sverre H. Huseby [mailto:shh () thathost com]
Sent: Monday, June 04, 2001 1:07 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Upload of "pipes.scr" attempted to NetBus "honeypot"

|   Ok, what I see is what seems to be three attempts on uploading a
|   file called "pipes.scr" to my computer.

