Security Incidents mailing list archives
Re: Another unicode hacked box
From: Johan Augustsson <johan.augustsson () ADM GU SE>
Date: Wed, 9 May 2001 10:49:30 +0200
Jon Zobrist wrote:
The attacker attempted to deface our web pages by uploading index.html and index.asp both of which include the crude english "fuck USA Government" and the message "fuck PoinsonB0x", it also includes a contact email address of sysadmincn () yahoo com cn
I have cought an attempt to hack some of our webservers by the same guy/gang. They do not upload any files, they use a script that just simply uses the Unicode-hack to copy \WINNT\system32\cmd.exe to \inetpub\root.exe and then use root.exe to echo some text into the files default.htm and default.asp. The attack that i cought was comming from a compromised box in the USA.
I'm not sure if this warrants contacting the FBI or not, it appears clean up will be reinstalling completely.
Why bother? I don't think that the Chinese will give away any of their citizens to the USA. - Johan
Current thread:
- Another unicode hacked box Jon Zobrist (May 08)
- Re: Another unicode hacked box Johan Augustsson (May 10)
- Re: Another unicode hacked box jamie rishaw (May 10)
- <Possible follow-ups>
- Re: Another unicode hacked box Matt Scarborough (May 08)
- Re: Another unicode hacked box wait3r (May 10)