Vulnerability Development mailing list archives

RE: Evil samples from Microsoft


From: "Florin Timariu" <Florin.Timariu () deuromedia ro>
Date: Wed, 12 Sep 2001 15:56:40 +0300

Check for the existence of http://remote/scripts/tools/newdsn.exe

QUOTE:
Newdsn.exe can be used by an attacker to create files anywhere on your
disk if they have the correct NTFS file permissions to do so. Newdsn.exe
can also be used to overwrite the DSNs on existing on-line databases,
making the information contained in the database inaccessible.
This file, getdrvrs.exe, dsnform.exe and mkilog.exe should be deleted or
renamed unless there is a strong reason not to do so. In that case, ensure
that only Administrators may access them.


-----Original Message-----
From: CSIRT.WS [mailto:csirt () csirt ws]
Sent: Tuesday, September 11, 2001 4:14 PM
To: incidents () securityfocus com
Cc: vuln-dev () securityfocus com
Subject: Evil samples from Microsoft


We are seeing several IIS servers with the following DSN:

Evil samples from Microsoft

The Access Database it points to (e:\mydirtytricks.mdb) doesn't exist, but
we want to be sure.

Does anyone know if they are related to a virus? Hack attempt?


CSIRT

_____________________________________________________________
CSIRT.WS (Computer Security Incident Response Team - World Site)
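
An added example, not part of either message above: a log-triage routine that lists requests for the four executables named in the quoted advisory, so a responder can see who touched them and whether the server answered with anything other than 404. It assumes IIS W3C extended logs with a `#Fields:` header; the log lines, addresses and the function name `find_tool_requests` are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# File names taken from the advisory quoted in the reply above.
SAMPLE_TOOLS = {"newdsn.exe", "getdrvrs.exe", "dsnform.exe", "mkilog.exe"}

# Constructed sample log (W3C extended format, documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-10 08:14:02 192.0.2.10 GET /default.asp - 200
2001-09-10 08:14:09 198.51.100.7 GET /scripts/tools/newdsn.exe - 200
2001-09-10 08:15:41 198.51.100.7 GET /scripts/tools/GetDrvrs.exe - 404
2001-09-10 08:16:03 203.0.113.5 GET /scripts/tools/%6Eewdsn.exe - 200
2001-09-10 08:17:30 192.0.2.10 GET /docs/newdsn.exe.txt - 200
"""

def find_tool_requests(log_text):
    """Return one dict per log entry whose URI stem names one of SAMPLE_TOOLS."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # the header can change mid-file; re-read it
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # malformed or truncated entry
        row = dict(zip(fields, values))
        # Decode any %xx escapes left in the stem and ignore case,
        # since Windows file names are case-insensitive.
        name = posixpath.basename(unquote(row.get("cs-uri-stem", ""))).lower()
        if name in SAMPLE_TOOLS:
            row["tool"] = name
            # A 404 suggests the file is absent; any other status means the
            # host itself should be checked for the file.
            row["check_host"] = row.get("sc-status") != "404"
            hits.append(row)
    return hits

if __name__ == "__main__":
    for h in find_tool_requests(SAMPLE_LOG):
        print(h["date"], h["time"], h["c-ip"], h["tool"], h["sc-status"],
              "check host" if h["check_host"] else "not found")
```

Hosts flagged `check_host` are the ones where the advisory's delete, rename or restrict-to-Administrators step still needs doing.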

