Security Incidents mailing list archives
RE: Upload of "pipes.scr" attempted to NetBus "honeypot"
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 5 Jun 2001 23:44:03 +0200 (CEST)
On Tue, 5 Jun 2001, Talley, Brooks wrote:
pipes.scr is the 3d pipes screensaver on windows NT/2000. It's a very commonly used screensaver, so my guess is that whatever is doing the uploading, it's sending a trojaned version of the pipes screensaver. Perhaps that screensaver itself is what's doing the scanning and attempted uploads. It would be handy if you could extend your netbus simulator to accept the upload and capture the presumably trojaned pipes.scr.
It's not a new issue AFAIK. I found a link dating back in January (http://archives.linuxbe.org/arch055/0059.html) Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
Current thread:
- Re: Upload of "pipes.scr" attempted to NetBus "honeypot" Sverre H. Huseby (Jun 05)
- Re: Upload of "pipes.scr" attempted to NetBus "honeypot" centipede (Jun 06)
- <Possible follow-ups>
- RE: Upload of "pipes.scr" attempted to NetBus "honeypot" Talley, Brooks (Jun 05)
- RE: Upload of "pipes.scr" attempted to NetBus "honeypot" Hugo van der Kooij (Jun 05)