Vulnerability Development mailing list archives
RE: Evil samples from Microsoft
From: "Florin Timariu" <Florin.Timariu () deuromedia ro>
Date: Wed, 12 Sep 2001 15:56:40 +0300
Check for the existence of http://remote/scripts/tools/newdsn.exe QUOTE: Newdsn.exe can be used by an a attacker to create files anywhere on your disk if they have the NTFS correct file permissions to do so. Newdsn.exe can also be used to overwrite the DSNs on existing on-line databases making the information contained in the database inaccessible. This file, getdrvrs.exe, dsnform.exe and mkilog.exe should be deleted or renamed unless there is a strong reason not to do so. In that case, ensure that only Administrators may access them. -----Original Message----- From: CSIRT.WS [mailto:csirt () csirt ws] Sent: Tuesday, September 11, 2001 4:14 PM To: incidents () securityfocus com Cc: vuln-dev () securityfocus com Subject: Evil samples from Microsoft We are seeing several IIS servers with the following DSN: Evil samples from Microsoft The Access Database it points to (e:\mydirtytricks.mdb) doesnt exist, but want to be sure. Does anyone know if they are related to a virus? Hack attempt? CSIRT _____________________________________________________________ CSIRT.WS (Computer Security Incident Response Team - World Site)
Current thread:
- Evil samples from Microsoft CSIRT . WS (Sep 11)
- RE: Evil samples from Microsoft Florin Timariu (Sep 12)