Security Incidents mailing list archives

RE: strange ftp site

From: "David E. Mollico Jr" <dmollico () MOLLICO com>
Date: Thu, 30 Oct 2003 10:25:29 -0600

I would stay very far away from this website. It looks like those dll's
have interaction with the kernel file. I'd build a test computer and run
it on there to see what It will do.

-----Original Message-----
From: info hunter [mailto:sp3ct0r () yahoo com] 
Sent: Thursday, October 30, 2003 9:24 AM
To: incidents () securityfocus com
Subject: strange ftp site

Excuse my ignorance but need some help here.

Anyone know anything about this ftp site ftp://66.159.219.196

Noticed a firewall log showing a system hitting this address . Their
seems to be an exe and and some dll's.  When running the exe a dialog
box named test pops up and displays the text "if you can see this, email
eric".

Sam spade showed a badly configured dns. Would appreciate any input on
this.  It may be completly benign or maybe even just legit. Just seems
strange or I may be just paranoid.

------------------------------------------------------------------------
---
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
------------------------------------------------------------------------
----

---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------

Current thread:

strange ftp site info hunter (Oct 30)
- <Possible follow-ups>
- RE: strange ftp site David E. Mollico Jr (Oct 30)
- Re: strange ftp site info hunter (Oct 31)
- RE: strange ftp site Andre Ludwig (Oct 31)