[unisog] Windows 2000 break-ins
jeff01 at email.unc.edu
Thu Sep 5 22:06:16 GMT 2002
I think that Microsoft document is a stab in the dark. We've been
seeing similar attacks all summer long, and they are continuing. The
names of the files on compromised systems vary enormously, to the point
that you really can't predict them, or even look for similar patterns. Most
all of these are related to having blank administrator passwords. The
KB article offers nothing new really. What you should really be
watching for are connections to IRC servers (particularly XDCC traffic),
and monitoring the bandwidth those connections are consuming.
Gary Flynn wrote:
> A few months ago, there was a spate of break-ins that
> involved IRC floods and backdoor trojans. I believe that
> weak or nonexistent Administrator passwords were
> thought to be partially at fault.
> I just ran across a Microsoft security bulletin warning
> of a new spate of what looks to me to be similar incidents.
> Anyone seeing anything?
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu