Security Incidents mailing list archives
RE: pubdestroyer2001.exe via anonymous FTP?
From: "Benninghoff, John" <JABenninghoff () DainRauscher com>
Date: Thu, 27 Sep 2001 15:38:34 -0500
You can remove files like this using the POSIX subsystem. http://support.microsoft.com/support/kb/articles/Q120/7/16.asp -----Original Message----- From: Slivkoff, Michael M [mailto:michael.slivkoff () eds com] Sent: Thursday, September 27, 2001 1:49 PM To: 'incidents () securityfocus com' Subject: RE: pubdestroyer2001.exe via anonymous FTP? I had a problem like this. I had an upload directory on anonymous ftp that was set write only. Some wonderful person tagged it with a directory called com1. Couldn't get rid of it for the life of me (win2k system). I still have a write only anonymous upload directory, but I disabled directory create. Anyone know how to get rid of a directory named with a system-reserved name? Other than deleting the drive. And how would you create it in the first place? -----Original Message----- From: Patrick Andry [mailto:pandry () wolverinefreight ca] Sent: Thursday, September 27, 2001 12:47 PM To: Mike Shaw Cc: incidents () securityfocus com Subject: Re: pubdestroyer2001.exe via anonymous FTP? Mike Shaw wrote:
I'm working with someone who had unwittingly left an anonymous ftp server available to the 'net with write access. The good news: nice mp3 and Divx collection. The bad news: In the root there was a file named pubdestroyer2001.exe that we had some trouble deleting. There were many spaces at the end of the file name. We were able to nix it by deleting the 8.3 file name. Has anyone seen this before? Anyone interested in a copy of the file? Thanks -Mike
------------------------------------------------------------------------ ----
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Undeletable files are a norm among warez sites. Also hidden and/or undeletable directories are also a trademark. There was a discussion here about it a few months back. Essentially, it's a last ditch effort to prevent the sysadmin from cutting off the warez ftp. Usually keeps the site going for a few minutes extra :) ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- pubdestroyer2001.exe via anonymous FTP? Mike Shaw (Sep 27)
- Re: pubdestroyer2001.exe via anonymous FTP? Patrick Andry (Sep 27)
- <Possible follow-ups>
- RE: pubdestroyer2001.exe via anonymous FTP? Slivkoff, Michael M (Sep 27)
- RE: pubdestroyer2001.exe via anonymous FTP? Chip McClure (Sep 27)
- RE: pubdestroyer2001.exe via anonymous FTP? Benninghoff, John (Sep 27)
- Re: pubdestroyer2001.exe via anonymous FTP? Kevin Reardon (Sep 27)