[unisog] Infected windows boxes with IRC controlled trojans on them
mnx at utk.edu
Wed Apr 10 20:30:31 GMT 2002
Can anyone comment on the method of exploit?
Admin shares and anonymous enumeration have been the commonality with
machines here...but, *how* was this done?
the IRC controlled machines here were apparently compromised the same way as
machines found running w32time.exe (7000/tcp ...Ataman telnet)
I already know what files were placed on the compromised machines.
Would appreciate anyone's comments on the method.
University of Tennessee
More information about the unisog