Security Incidents mailing list archives

RE: Upload of "pipes.scr" attempted to NetBus "honeypot"


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 5 Jun 2001 23:44:03 +0200 (CEST)

On Tue, 5 Jun 2001, Talley, Brooks wrote:

pipes.scr is the 3D pipes screensaver on Windows NT/2000.  It's a very
commonly used screensaver, so my guess is that whatever is doing the
uploading, it's sending a trojaned version of the pipes screensaver.
Perhaps that screensaver itself is what's doing the scanning and
attempted uploads.

It would be handy if you could extend your NetBus simulator to accept
the upload and capture the presumably trojaned pipes.scr.

It's not a new issue AFAIK. I found a link dating back to January
(http://archives.linuxbe.org/arch055/0059.html)

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

