[unisog] PC hack
dmmcgove at hotmail.com
Thu Mar 28 15:41:04 GMT 2002
Accounts with no passwords? What were you thinking? Since you can never be
sure that a hacked machine has been fully cleaned, the only option is to
fdisk and reinstall from a trusted backup.
>From: Jenett Tillotson <jtillots at sparky.pharmacy.purdue.edu>
>To: unisog at sans.org
>Subject: [unisog] PC hack
>Date: Thu, 28 Mar 2002 09:57:16 -0500 (EST)
>We had 3 PC's running Windows 2000 broken into on Tuesday, March
>26th. These were machines with accounts that had no passwords. The
>hacker created new accounts with administrative privileges and named them
>"autodll" and "nt4backup". The hacker started up the telnet service and
>had set it to automatic. A Serv-U FTP server was running and had been
>installed in a hidden directory. The administrative icons were missing
>from the control panel and the event log had been cleared up to the date
>of the attack. These machines were brought to our attention because the
>user was then unable to login to their account.
>I'm curious if anyone else has seen a similar attack and what else should
>we be looking for?
>School of Pharmacy
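
A triage sweep for the indicators listed in the report above, as an added example that is not part of the original thread or written by either poster. It assumes a current Windows host with Windows PowerShell 5.1 or later and an elevated session, not the Windows 2000 machines in the post; only the two account names come from the message, while the `TlntSvr` service name, ports 21/23 and event IDs 1102/104 are standard Windows values supplied here.

```powershell
# Added example, not from the thread. Run elevated on the suspect host.
# Assumes Windows PowerShell 5.1+; only the two account names come from the post.
$reported = 'autodll', 'nt4backup'

# Accounts: the reported names, plus enabled accounts that need no password.
Get-LocalUser |
    Where-Object { $reported -contains $_.Name -or ($_.Enabled -and -not $_.PasswordRequired) } |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet, LastLogon

# Who holds administrative rights (well-known SID of the Administrators group).
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, PrincipalSource

# Telnet service state (TlntSvr), and any service whose binary path mentions Serv-U.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -eq 'TlntSvr' -or $_.PathName -match 'serv-?u' } |
    Select-Object Name, StartMode, State, PathName

# Listeners on telnet/FTP ports; flag binaries whose parent directory is hidden.
Get-NetTCPConnection -State Listen -LocalPort 21, 23 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $dir = if ($proc.Path) { Get-Item -Force (Split-Path $proc.Path) }
        [pscustomobject]@{
            Port      = $_.LocalPort
            Process   = $proc.Name
            Path      = $proc.Path
            HiddenDir = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
        }
    }

# Log clearing: Security 1102 and System 104 are written when a log is cleared.
foreach ($f in @{ LogName = 'Security'; Id = 1102 }, @{ LogName = 'System'; Id = 104 }) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, Message
}
```

Output from a compromised host is itself untrusted, so treat empty results as inconclusive and compare against a copy of the disk examined offline.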