Message-ID: <5DA785C92D04A546B09F992FBC25C55E0722BA04@gs-exch1.guidancesoftware.com>
From: mike.fowler at guidancesoftware.com (Fowler, Mike)
Subject: unknown backdoor: 220 StnyFtpd 0wns j0

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KIBUV.B&VSect=T
 
 
 

Mike 

 

________________________________

From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ryan
Sumida
Sent: Thursday, September 23, 2004 10:42 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] unknown backdoor: 220 StnyFtpd 0wns j0



I've been finding a few compromised Windows systems on our campus
that have a random port open with a banner of "220 StnyFtpd 0wns j0".
 All the systems seem to be doing SYN scans on port 445 and LSASS
buffer overflow attempts.  Anyone know what worm/bot is doing this? 
I don't have access to these machines so I can only get a network
view of what the systems are doing. 

Thanks, 

Ryan

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQVMggXM87JWv+p9GEQKhlACgg5Bu7/7oNot2mojru42n4arvvtwAoK92
vCQLsHX37i7hK4P5vwMgrScD
=rLJ1
-----END PGP SIGNATURE-----
 