| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <008401c25b25$c16a4540$6702a8c0@tr> From: harshul at ealcatraz.com (Harshul Nayak (lealcatraz)) Subject: win2k incident -- been hacked Hello there , has anyone come accross a worm or an incident where the files are getting wiped out the server runing win2k , we had a incident in one of the departments . Our 3 servers been wiped out ? Domain controller (win2k server) ? Proxy server / Firewall (win2k server running ISA firewall) ? Mail server (win2k server running Microsoft Exchange) the common factor in all breakins is a file called readme.bat and in the later incidents it's been replaced on to autoexec.bat. we have currently patched the server and are monitoring the network with sniffers and IDS .... the command used in both the batch files is del *.* /s/f/q thanking you in anticipation ... -regs Harsh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020913/d59106c9/attachment.html
Powered by blists - more mailing lists