Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: We Are Past Your Firewall...

From: "Corey Snipes" <corey.snipes () xor com>
Date: Tue, 5 Feb 2002 14:38:48 -0700
An NT/2K machine that has been compromised with the "root.exe" could be
made to send this message to another box (or to itself), using a fairly
straightforward url in a browser:

  http://[host]/scripts/root.exe?/net+send+localhost+hello+dave

I believe something along those lines will do it.

- Corey Snipes
  Programmer,  XOR Inc.




-----Original Message-----
From: raymond simon [mailto:desperate_straights () yahoo com]
Sent: Tuesday, February 05, 2002 1:55 PM
To: incidents () securityfocus com
Subject: We Are Past Your Firewall...


A friend of a friend sent a screenprint of a popup he
received when connecting to a network share.  The text
reads (Sanitized):
Messenger Service
Message from MACHINE1 to MACHINE2 at TIME
We are past your firewall and can see you are on as
your administrator.  Are you concerned?

(I would be)

Anyone recognize this?

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: