Security Incidents mailing list archives
Re: Windows 2k rootkit incident, files zipped for your pleasure.
From: Karl Larsson <karl.larsson () cellnetwork com>
Date: 13 Jun 2003 07:41:12 -0000
In-Reply-To: <5.2.0.9.2.20030612105515.020e77b8@localhost>

Hi,

Isn't this Hacker Defender v0.7.3 with modified filenames and some utils added? The syntax of the *.ini is exactly the same anyway....

Cheers,
Kalle
If you don't mind me asking... how did you identify these files (e.g. what tools, etc.)? I have a Windows hard drive that was rooted, and I've found some of the files from Linux (only having basic unix skills, I wouldn't know how to go too much farther), but I've been unable to find all of them. I would dearly love to find the install/original file, but in the meantime I would settle for the ini/config files, which might tell me if I have missed any of the others. The rootkit has elements of the Hacker Defender rootkit, but seems to have gone even farther.

Yours,
John

At 11:57 AM 6/12/2003 -0400, Drew Weaver wrote:

Hi, with the help of Karl Levinson I was able to detect the presence of a rootkit on one of my Windows 2000 servers. I was able to grab the files and zip them, so maybe we can watch for this stuff in the future. I'm not sure if this rootkit has a particular name or whatnot; you can get the files here: http://www.soul-fu.com/beenhaxxored.zip

Thanks Karl.

-Drew

----------------------------------------------------------------------------
John Ives, GCWN
Systems Administrator
College of Chemistry
(510) 643-1033

"If you spend more on coffee than on IT security, Then you will be hacked. What's more, you deserve to be hacked." - Richard Clarke

Any opinions expressed are my own and not those of the Regents of the University of California.
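Karl's identification above rests on the rootkit's .ini keeping Hacker Defender's configuration syntax even though the filenames were changed, and John asks how to locate the config files from a Linux mount of the rooted drive. The script below is an added example, not code from this thread or from any of the posters: it walks a volume mounted read-only and flags any small text file whose `[section]` headers overlap with a set of headers taken from a known rootkit config, ignoring the file's name and extension entirely. The names in `SUSPECT_SECTIONS` are an assumption based on public descriptions of Hacker Defender's .ini layout and should be replaced with headers copied from a config file actually in hand; the directory tree built by `build_sample_tree()` and the file contents in it are constructed for the demonstration.

```python
"""Triage helper: find INI-style files on a mounted (read-only) drive image
whose [section] headers match those of a known rootkit configuration.

Added example for this thread, not code posted by anyone on the list.
The names in SUSPECT_SECTIONS are an assumption from public descriptions
of Hacker Defender's .ini layout; replace them with headers taken from a
configuration file you actually have.
"""
import os
import re
import tempfile

# Assumed section headers (see module docstring). Matching is case-insensitive.
SUSPECT_SECTIONS = {"hidden table", "root processes", "hidden services",
                    "hidden regkeys", "startup run", "settings"}

# Generic [section] header at the start of a line.
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]")

MAX_BYTES = 256 * 1024  # rootkit configs are tiny; skip large files unread


def ini_sections(path):
    """Return the set of normalized section names in a text file,
    or an empty set if the file cannot be read."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_BYTES)
    except OSError:
        return set()
    text = data.decode("latin-1")  # never raises; adequate for header matching
    return {m.group(1).strip().lower()
            for m in map(SECTION_RE.match, text.splitlines()) if m}


def find_suspect_ini(root, suspect=SUSPECT_SECTIONS, min_hits=2):
    """Walk `root` (e.g. an NTFS volume mounted read-only under Linux) and
    return [(path, matched_sections)] for files sharing at least `min_hits`
    section headers with the suspect set, whatever the file is called."""
    wanted = {s.lower() for s in suspect}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
            except OSError:
                continue
            matched = ini_sections(path) & wanted
            if len(matched) >= min_hits:
                hits.append((path, sorted(matched)))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed directory tree standing in for a mounted image:
    one renamed rootkit-style config, one ordinary desktop.ini, one binary."""
    root = tempfile.mkdtemp(prefix="triage_")
    drivers = os.path.join(root, "WINNT", "system32", "drivers")
    os.makedirs(drivers)
    # Constructed: config renamed to hide its purpose, no .ini extension
    with open(os.path.join(drivers, "svchost.dat"), "w") as fh:
        fh.write("[Hidden Table]\nsvc*\n\n[Root Processes]\nsvc*\n\n"
                 "[Settings]\nExampleKey=placeholder\n")
    # Constructed: harmless Windows shell metadata file
    with open(os.path.join(root, "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\nIconFile=folder.ico\n")
    # Constructed: non-text content that must not produce false hits
    with open(os.path.join(root, "WINNT", "system32", "blob.bin"), "wb") as fh:
        fh.write(bytes(range(256)) * 4)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit_path, sections in find_suspect_ini(sample_root):
        print(hit_path, sections)
```

Run it against the mount point of the rooted drive instead of the sample tree; requiring two matching headers rather than one keeps ordinary `[Settings]`-style files out of the report, and lowering `min_hits` to 1 widens the net when the first pass finds nothing.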