Security Incidents mailing list archives
Re: Trojan of somesort - Update
From: Harlan Carvey <keydet89 () yahoo com>
Date: Thu, 27 May 2004 12:26:50 -0700 (PDT)
Paul,
This is not surprising. It's been my experience that boxes that get "tagged" (i.e. set up as ftp sites for warez) get hacked by automated scripts and later get filled up with warez.
While it's true that the "tagged" FTP sites were filled w/ warez, my own investigations into these events showed quite clearly that not a single site was "hacked". Rather, the automated script would look for FTP sites that allowed an anonymous user to write to the drive (check was done using "mkdir" command). As the script was automated, it simply rm'd the directory it created (if successful) and recorded the IP address for later use. Again, by simply reviewing the logs, it was easy to see that none of the sites was "hacked".
Current thread:
- Re: Trojan of somesort - Update Bob the Builder (May 27)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- RE: Trojan of somesort - Update James C Slora Jr (May 28)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- RE: Trojan of somesort - Update James C Slora Jr (May 29)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Paul Schmehl (May 28)
- Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Changing file times, was -> Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Changing file times, was -> Re: Trojan of somesort - Update Gadi Evron (May 28)