Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Windows 98 box is 'owned'

from [Akins, Keith A (EM, ITS)] Network Security [Permanent Link]
Subject: RE: Windows 98 box is 'owned'
Date: Thu, 30 Sep 2004 16:54:33 -0400 
 This a actually a virus. Mydoom if I remember right. It looks for any
folder named download and makes copies of itself with various names like
you mentioned. Download the fix tool from Symantec. 

-----Original Message-----
From: Darren Kirby [mailto:bulliver@badcomputer.no-ip.com] 
Sent: Wednesday, September 29, 2004 10:04 PM
To: security-basics@securityfocus.com
Subject: Windows 98 box is 'owned'

Hello all,

I am writing this on behalf of my Mom. She was complaining that her
computer was sluggish, and that her HD space was getting used up faster
than it should. So I went over and fired up my trusty Linux live cd and
had a look.

Anyway, I found a directory right in C: named 'Downloads', and inside
were about 50 or so files, which were all warez, porn, windows exploits
and cracker 'howto's. Quite obviously this computer is owned, and is
being used as a warez server. I deleted the files, booted win, but they
reappeared after about 10 minutes. The strange thing is that these files
are ALL 29k, and all have filenames like:

Adobe Photoshop crack.exe
Smashing the Stack.txt.exe
Eminem - full album.mp3.exe
Office 2003 full.exe
...
On further inspection I found an identical directory at
C:/windows/Downloaded Program Files/. God only knows how many trojans
and other nasties are sprinkled around...

So I yanked the power cord out of her adsl modem, and told her not to
plug it back in unless she was checking her mail. Bad advice for sure,
but try telling your mom that her computer is rooted by punk kids and it
is too cracked to have safe internet access at all. Seems that a
complete OS reinstall is in order, but it seems to me that if they can
own her box once they can own it again just as easy, which leads me to
this list...I would like to try some investigating, and try to figure
out where the backdoor is, what exactly they are doing...and of course
how to prevent it.

Some background on myself...I am a Linux sysadmin, and have a great deal
of experience with UNIX operating systems...however, I have never run a
windows box, and have only used one in the 'point-and-drool' sort of
way. So I really know nothing of how the underlying OS works (or
doesn't...). 

So I guess I am just asking for some opinions of the situation, and
perhaps some links to docs about this type of attack, and how to prevent
it. Also, any software along the lines of chkrootkit or other forensic
tools, but for windows would be a big help.

TIA
-d
--
Part of the problem since 1976
http://badcomputer.no-ip.com
Get my public key from
http://keyserver.linux.it/pks/lookup?op=index&search=bulliver
"...the number of UNIX installations has grown to 10, with more
expected..."
- Dennis Ritchie and Ken Thompson, June 1972
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Windows 98 box is 'owned', Bermingham, Bob
Next by Date:  RE: Looking for some good sources, Corio, Jim
Previous by Thread:  RE: Windows 98 box is 'owned', Bermingham, Bob
Next by Thread:  RE: Windows 98 box is 'owned', OTTO, DOUGLAS P.
Indexes:  [Date] [Thread] [Top] [All Lists]