[unisog] Infected windows boxes with IRC controlled trojans on them
mnx at utk.edu
Thu Apr 11 19:52:56 GMT 2002
Why hasn't any EDU CERT organization or SANS commented on this? I realize
this is *seemingly* the use of a well-known vulnerability, but the kit's
footprint has to be unique enough to be worthy of mention somewhere. I know
it *resembles* GT/Bot.
The trojaned w32time.exe is also widespread enough to be worthy of mention.
I've counted 8 or 10 organizations on this list that have seen
this...everyone on 3/22?
We had machines on campus that were considered to be secure, had excellent
admin passwords, and are managed by very competent admins that were still
affected by the w32time.exe trojan. No way could they have cracked the
passwords with a brute force attack and not be spotted. Something is odd
about all this, but I don't know what it is yet.
University of Tennessee