[Intrusions] brightstor/arcserve backup client hacked
Matt.Carpenter at alticor.com
Matt.Carpenter at alticor.com
Wed Mar 2 12:26:22 GMT 2005
> Message: 1
> Date: Mon, 28 Feb 2005 14:53:35 -0800 (PST)
> From: Andrew Daviel <andrew at andrew.triumf.ca>
> Subject: [Intrusions] brightstor/arcserve backup client hacked
> To: intrusions at incidents.org
> Message-ID: <Pine.LNX.4.53.0502281452490.32306 at andrew.triumf.ca>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
>
> Yesterday we had a number of Windows machines hacked via port
> 41523. The attacker came in from a cable modem in Portugal then
> installed a rootkit from the Czech Republic ...
>
> This seems to be a vulnerability in Computer Associates BrightStor
backup
> (ARCserve)
>
> http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html
>
> some tcpdump data availalbe if anyone interested
>
Hi David,
Interested in the capture, particularly if malware is included (as in, you
caught the transfer of the rootkit and/or other hacking tools).
Thanks
More information about the Intrusions
mailing list