Re: Trojan of somesort - Update

[Harlan Carvey <keydet89 () yahoo com>]

> That's interesting.  The last one that I looked at
> had been hacked through 
> IIS, using RFP's MSACD exploit - twice - in two
> different months.  

Well, maybe it's a matter of semantics (which is
another issue all together).  I don't see using RFP's
MSADC exploit as being "hacking", necessarily,
particularly if it's bundled in an automated fashion.

> Others that I've studied were hacked 
> through MSSQL server, because the sa password was
> either blank or easily 
> guessed.  One that used to get hacked constantly
> (until I fixed the problem 
> permanently) was being hacked through the IIS
> directory traversal vulnerability.

Again, maybe it's just me, but I can't see either of
these as "hacks".  Using canned or scripted exploits
to compromise machines via long-since-patched
vulnerabilities...compromising the machine, yes. 
Hacking...hhhmmmm...not sure.  But again, that's just
me.

> We did have an administrator who kept setting up an
> anonymous upload site 
> and couldn't figure out how the skiddies were
> finding it so fast, but in 
> our network that's been the exception rather than
> the rule.

There you go!  ;-)