[unisog] Windows 2000 break-ins

Jeff Bollinger jeff01 at email.unc.edu
Thu Sep 5 22:06:16 GMT 2002


I think that Microsoft document is a stab in the dark.  We've been 
seeing similar attacks all summer long, and they are continuing.  The 
name of the files on compromised systems varies enormously to the point 
that you really can't predict, or even look for similar patterns.  Most 
all of these are related to having blank administrator passwords.  The 
KB article offers nothing new really.  What you should really be 
watching for are connections to IRC servers (particularly XDCC traffic), 
and monitoring the bandwidth those connections are consuming.

Jeff

Gary Flynn wrote:
> A few months ago, there was a spate of break-ins that
> involved IRC floods and backdoor trojans. I believe that
> weak or nonexistent Administrator passwords were
> thought to be partially at fault.
> 
> I just ran across a Microsoft security bulletin warning
> of a new spate of what looks to me to be similar incidents.
> Anyone seeing anything?
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691
> 

-- 
Jeff Bollinger
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu
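
Added example, not part of the original message: one way to do the monitoring suggested above, flagging campus hosts that hold a connection to an IRC server and are also sending a large volume of data outbound. The flow-record layout, the campus range, the IRC port list and the threshold are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumptions (not from the post): campus range, conventional IRC ports, threshold.
CAMPUS = ipaddress.ip_network("10.0.0.0/8")
IRC_PORTS = set(range(6660, 6670)) | {7000}
THRESHOLD = 500 * 1024 * 1024  # outbound bytes per reporting window

# Constructed flow records: local,remote,server_port,bytes_out,bytes_in
SAMPLE = """\
10.1.2.3,192.0.2.10,6667,48211,91340
10.1.2.3,198.51.100.7,3127,734003200,15200
10.1.2.3,203.0.113.9,3128,681574400,14100
10.4.4.4,192.0.2.10,6667,20110,55012
10.4.4.4,198.51.100.20,80,40960,2097152
10.9.9.9,198.51.100.30,80,943718400,30000
"""

def irc_heavy_senders(text, threshold=THRESHOLD):
    """Return [(host, total_bytes_out, irc_peers)] for campus hosts that
    hold an IRC connection and exceed the outbound threshold, busiest first."""
    out = defaultdict(int)        # host -> bytes sent on all flows
    irc_peers = defaultdict(set)  # host -> IRC servers it talked to
    for local, remote, port, b_out, _b_in in csv.reader(io.StringIO(text)):
        if ipaddress.ip_address(local) not in CAMPUS:
            continue
        # XDCC transfers run over separate DCC connections, not the IRC
        # session itself, so count the host's outbound bytes on every flow.
        out[local] += int(b_out)
        if int(port) in IRC_PORTS:
            irc_peers[local].add(remote)
    hits = [(h, out[h], sorted(p)) for h, p in irc_peers.items() if out[h] > threshold]
    return sorted(hits, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for host, total, peers in irc_heavy_senders(SAMPLE):
        print(f"{host} sent {total / 2**20:.0f} MiB while connected to IRC server(s) {peers}")
```

IRC servers can listen on any port, so the port list only catches the conventional ones; a host that is merely chatting on IRC (10.4.4.4 in the sample) or merely busy (10.9.9.9) is not flagged.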



