Security Incidents mailing list archives
MSLV.exe
From: Rob Keown <Keown () MACDIRECT COM>
Date: Wed, 21 Nov 2001 17:58:10 -0500
I am in heads down mode investigating an infection. The culprit is a file in root of c: of an NT4 SP6 machine supposedly patched IIS. MSLV.exe is in the root and contains Nimda-like exploit strings. Don't have time to go into detail. Can't find reference to mslv.exe anywhere. Anyone know of this? Rob Keown ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- MSLV.exe Rob Keown (Nov 21)
- <Possible follow-ups>
- RE: MSLV.exe Rob Keown (Nov 21)
- More ssh attempts Marco Slaviero (Nov 22)
- Re: More ssh attempts gabriel rosenkoetter (Nov 22)
- Re: More ssh attempts Homer Wilson Smith (Nov 22)
- Re: More ssh attempts Marco Slaviero (Nov 23)
- More ssh attempts Marco Slaviero (Nov 22)