Security Incidents mailing list archives

Re: Anonymous FTP annoyance


From: John Sage <jsage () finchhaven com>
Date: Sun, 09 Dec 2001 02:03:52 -0800

Bryan:

See:

http://www.xs4all.nl/~liew/startdivx/endofdeleters.txt

This'll make your hair stand on end.

A warez-k1dd13 manual about how to create undeletable directories on Windows boxes, all for the purpose of doing just exactly what's been done to you: set up a (potential) warez site.

Hopefully here you will find information that will let you reverse the process...


Afterwards, see:

http://ph.members.tripodasia.com/chisholm6707/sites02.09.2001.txt

for one listing of sites that have been warez-ed...


HTH..

- John


Bryan Smith wrote:

I had opened anonymous FTP on my workstation at my office as a
convenience to myself and fellow research partners.  It allowed write
access, but I keep a close eye on it and haven't had any problems until
today.  This way we're not sending unencrypted passwords across the
network.

The machine is WindowsXP Prof, running the included FTP server.  Today
in one of the directories I find this

/.tagged/~/.scanned/by/NTVM/com1

I immediately turned off the FTP service and disabled the IUSR account.
At first glance it just seems that my box was found through some
scanning and marked as a possible warez dump site.

Also, now that I would like to clean this up, I find that I cannot
delete the folder "com1".  No ACL information is found in the properties
for the directory and it's not read-only.  Somehow the tool created a
"permanent" folder.

What can be done to clean this up?

Also, for those that may have run into this before - has anything else
been found that should also be taken into consideration?






----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
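
An added example, not part of either message and not the posters' code: a Python check that flags listing entries like the `com1` directory reported above, where a path component is a reserved DOS device name or ends in a dot or space, and builds the `\\?\`-prefixed path that skips Win32 name parsing so the directory can be removed. The FTP root `C:\Inetpub\ftproot` and every listing entry except the one quoted from the post are assumptions constructed for the example.

```python
import ntpath
import re

# Reserved DOS device names per Microsoft's file-naming rules.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}

FTP_ROOT = r"C:\Inetpub\ftproot"  # assumed FTP root, not given in the post

# First entry is the path from the post; the rest are constructed samples.
SAMPLE_LISTING = [
    "/.tagged/~/.scanned/by/NTVM/com1",
    "/pub/results/run42.dat",
    "/incoming/lpt3.tmp/readme.txt",
    "/incoming/data ./x",
    "/pub/command/notes.txt",
]


def component_problem(name):
    """Return why normal Win32 path parsing mishandles this name, or None."""
    if name in (".", ".."):
        return None
    if name != name.rstrip(" ."):
        return "trailing dot or space"
    # Only the part before the first dot counts: "com1.txt" is reserved too.
    if name.split(".", 1)[0].upper() in RESERVED:
        return "reserved device name"
    return None


def audit(ftp_root, relative_paths):
    """Return (path, component, reason, removal_path) for each flagged entry."""
    findings = []
    for rel in relative_paths:
        parts = [p for p in re.split(r"[\\/]+", rel) if p]
        for depth, part in enumerate(parts, 1):
            reason = component_problem(part)
            if reason:
                # \\?\ hands the path to the file system without name parsing.
                full = ntpath.join(ftp_root, *parts[:depth])
                findings.append((rel, part, reason, "\\\\?\\" + full))
                break
    return findings


if __name__ == "__main__":
    for rel, part, reason, fix in audit(FTP_ROOT, SAMPLE_LISTING):
        print(f"{rel}: {part!r} ({reason}) -> remove via {fix}")
```

The printed path is the form to pass to `rd /s /q` in cmd.exe on the affected machine; once the flagged directory is gone, its parent directories delete normally.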

