Security Incidents mailing list archives
Re: Q328691 ?
From: H C <keydet89 () yahoo com>
Date: Sat, 7 Sep 2002 04:27:08 -0700 (PDT)
It appears that (one of - there might be more) infection vectors is brute-force attack on administrator account, using few very simple passwords (and few account names).
My analysis of the "russiantopz" IRC bot was predicated by the primary file being dumped onto an IIS5.0 server. Seems the admins had the mistaken notions that (a) The Windows Updates included the patch for directory transversal, and (b) leaving default permissions and groups in place was just fine. __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Q328691 ?, (continued)
- Re: Q328691 ? Jon (Sep 09)
- Re: Q328691 ? HggdH (Sep 09)
- Re: Q328691 ? Valdis . Kletnieks (Sep 06)
- RE: Q328691 ? Byrne, David (Sep 09)
- Re: Q328691 ? Security (Sep 09)
- Re: Q328691 ? sunzi (Sep 09)
- Re: SV: Q328691 ? H C (Sep 09)
- Re: Q328691 ? Bernt Lervik (Sep 09)
- RE: Q328691 ? Jason Coombs (Sep 09)
- Re: Q328691 ? Bronek Kozicki (Sep 09)
- Re: Q328691 ? H C (Sep 09)
- Re: SV: Q328691 ? jennifer smith (Sep 09)
- Re: SV: Q328691 ? H C (Sep 09)
- RE: Q328691 ? Byrne, David (Sep 10)
- Re: Q328691 ? Kyle Lai (Sep 11)