Full Disclosure mailing list archives
RE: unknown backdoor: 220 StnyFtpd 0wns j0
From: "Fowler, Mike" <mike.fowler () guidancesoftware com>
Date: Thu, 23 Sep 2004 12:14:09 -0700
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KIBUV.B&VSect=T

Mike

________________________________
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ryan Sumida
Sent: Thursday, September 23, 2004 10:42 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] unknown backdoor: 220 StnyFtpd 0wns j0

I've been finding a few compromised Windows systems on our campus that have a random port open with a banner of "220 StnyFtpd 0wns j0". All the systems seem to be doing SYN scans on port 445 and LSASS buffer overflow attempts. Anyone know what worm/bot is doing this? I don't have access to these machines so I can only get a network view of what the systems are doing.

Thanks,
Ryan
Current thread:
- unknown backdoor: 220 StnyFtpd 0wns j0 Ryan Sumida (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 Harlan Carvey (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 joe smith (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 Ryan Sumida (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 joe smith (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 Mike Iglesias (Sep 23)
- <Possible follow-ups>
- RE: unknown backdoor: 220 StnyFtpd 0wns j0 Todd Towles (Sep 23)
- Re: unknown backdoor: 220 StnyFtpd 0wns j0 mike king (Sep 23)
- RE: unknown backdoor: 220 StnyFtpd 0wns j0 Elliott, James (Sep 23)
- RE: unknown backdoor: 220 StnyFtpd 0wns j0 Fowler, Mike (Sep 23)
- RE: unknown backdoor: 220 StnyFtpd 0wns j0 Constantinidis, Alex (Sep 24)