Security Incidents mailing list archives
RE: Upload of "pipes.scr" attempted to NetBus "honeypot"
From: "Talley, Brooks" <brooks () frnk com>
Date: Tue, 5 Jun 2001 10:27:05 -0700
pipes.scr is the 3d pipes screensaver on windows NT/2000. It's a very commonly used screensaver, so my guess is that whatever is doing the uploading, it's sending a trojaned version of the pipes screensaver. Perhaps that screensaver itself is what's doing the scanning and attempted uploads. It would be handy if you could extend your netbus simulator to accept the upload and capture the presumably trojaned pipes.scr. Cheers -Brooks
-----Original Message----- From: Sverre H. Huseby [mailto:shh () thathost com] Sent: Monday, June 04, 2001 1:07 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Upload of "pipes.scr" attempted to NetBus "honeypot"
| Ok, what I see is what seems to be three attempts on | uploading a file | called "pipes.scr" to my computer.
Current thread:
- Re: Upload of "pipes.scr" attempted to NetBus "honeypot" Sverre H. Huseby (Jun 05)
- Re: Upload of "pipes.scr" attempted to NetBus "honeypot" centipede (Jun 06)
- <Possible follow-ups>
- RE: Upload of "pipes.scr" attempted to NetBus "honeypot" Talley, Brooks (Jun 05)
- RE: Upload of "pipes.scr" attempted to NetBus "honeypot" Hugo van der Kooij (Jun 05)