[unisog] Infected windows boxes with IRC controlled trojans on them

Mark Newman mnx at utk.edu
Wed Apr 10 20:30:31 GMT 2002


Can anyone comment on the method of exploit? 

Admin shares and anonymous enumeration have been the commonality with 
machines here...but, *how* was this done?

the IRC controlled machines here were apparently compromised the same way as 
machines found running w32time.exe (7000/tcp ...Ataman telnet)

I already know what files were placed on the compromised machines.

Would appreciate anyone's comments on the method.

Thanks,
Mark Newman
University of Tennessee



More information about the unisog mailing list