[unisog] Re: Code Red(s) being confused with sadmind/IIS worm?

Anderson Johnston andy at umbc.edu
Fri Aug 10 19:10:22 GMT 2001


Anne's script netted two NTs when I ran it here.  Both seem to have been
compromised in early May.



On Fri, 10 Aug 2001, Anne Bennett wrote:

>
>
> In my remote scans for machines with /scripts/root.exe, I've been
> "exploiting" the backdoor to get a directory listing, with "/TC" to
> get file creation times.  Most of what I've found has been dated last
> May, pointing to a likely sadmind (how does one pronounce that,
> anyway?) infection at that time.
>
>
> Anne.
> --
> Ms. Anne Bennett, Senior Analyst, IITS, Concordia University, Montreal H3G 1M8
> anne at alcor.concordia.ca                                        +1 514 848-7606
>

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Distributed Systems Manager            * PGP key:(afj2000) 1024/F67035E1 **
** Office of Information Technology, UMBC *        5D 44 1E 2E A6 7C 91 7A  **
** 410-455-2583 (v)/410-455-1065 (f)      *        C4 66 5F D5 BA B9 F6 58  **
------------------------------------------------------------------------------
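
An added example, not part of either message: a parser for saved `dir /TC` output that checks whether the creation time of root.exe predates Code Red II, which is the dating reasoning Anne describes. The sample listing, the mm/dd date order, and the 2001-08-04 first-seen date for Code Red II are assumptions not taken from the thread.

```python
import re
from datetime import date, datetime

# Assumption (not stated in the thread): Code Red II was first reported 2001-08-04.
CODE_RED_II_FIRST_SEEN = date(2001, 8, 4)

# One file row of `dir /TC`: mm/dd/yy(yy), time with a/p or AM/PM, size, name.
LINE_RE = re.compile(
    r"^(\d{2})/(\d{2})/(\d{2}|\d{4})\s+(\d{1,2}):(\d{2})\s?([ap])m?"
    r"\s+([\d,]+)\s+(.+?)\s*$",
    re.IGNORECASE)

def parse_dir_tc(listing):
    """Return [(name, created)] for file rows; headers, <DIR> rows, totals are skipped."""
    entries = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mm, dd, yy, hh, mi, ap, _size, name = m.groups()
        year = int(yy) if len(yy) == 4 else int(yy) + (1900 if int(yy) >= 80 else 2000)
        hour = int(hh) % 12 + (12 if ap.lower() == "p" else 0)  # 12a -> 0, 12p -> 12
        entries.append((name, datetime(year, int(mm), int(dd), hour, int(mi))))
    return entries

def classify(listing, target="root.exe", cutoff=CODE_RED_II_FIRST_SEEN):
    """Report whether the target file was created before the cutoff date."""
    for name, created in parse_dir_tc(listing):
        if name.lower() == target:
            verdict = "predates-cutoff" if created.date() < cutoff else "on-or-after-cutoff"
            return created, verdict
    return None, "not-found"

# Constructed sample listing (path, size and timestamps are made up for illustration).
SAMPLE = """\
 Volume in drive C has no label.

 Directory of C:\\Inetpub\\scripts

05/08/2001  03:10a      <DIR>          .
05/08/2001  03:10a      <DIR>          ..
05/08/2001  03:12a             208,144 root.exe
               1 File(s)        208,144 bytes
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A "predates-cutoff" result means the file existed before Code Red II was circulating, so the host was compromised earlier by something else.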


