Re: [Win2k hack attempt]

[mount ararat blossom <mountararatblossom () USA NET>]

 Hi,
 it seems that this guys have tried to exploit recent WIN NT /IIS 4.0&5.0
 unicode-handling vulnerability. However, i suppose this exploit works on
foreign UNICODE fonts, US sites are not vulnerable.
 At the beginning of the logs, i see that they just tried to list the
directories for C: and F: respectively. Later, they tried to copy cmd.exe
file, because attacker wants to bypass the the limit on command execution.
 Later, they tried to list directories with the copied cmd1.exe and they
created the file defaulthack.asp and so on.
 What i suggest is that take a check at this vulnerability from Microsoft
security page and if you are vulnerable take the necessary action,
accordingly.
 regards
 mab-

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1