lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: mike.fowler at guidancesoftware.com (Fowler, Mike)
Subject: unknown backdoor: 220 StnyFtpd 0wns j0

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_K
IBUV.B&VSect=T
 
 
 

Mike 

 

________________________________

From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ryan
Sumida
Sent: Thursday, September 23, 2004 10:42 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] unknown backdoor: 220 StnyFtpd 0wns j0



I've been finding a few compromised Windows systems on our campus
that have a random port open with a banner of "220 StnyFtpd 0wns j0".
 All the systems seem to be doing SYN scans on port 445 and LSASS
buffer overflow attempts.  Anyone know what worm/bot is doing this? 
I don't have access to these machines so I can only get a network
view of what the systems are doing. 

Thanks, 

Ryan

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQVMggXM87JWv+p9GEQKhlACgg5Bu7/7oNot2mojru42n4arvvtwAoK92
vCQLsHX37i7hK4P5vwMgrScD
=rLJ1
-----END PGP SIGNATURE-----
 
Note: The information contained in this message may be privileged and  
confidential and thus protected from disclosure. If the reader of this  
message is not the intended recipient, or an employee or agent responsible  
for delivering this message to the intended recipient, you are hereby  
notified that any dissemination, distribution or copying of this  
communication is strictly prohibited.  If you have received this  
communication in error, please notify us immediately by replying to the  
message and deleting it from your computer.  Thank you.
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040923/7e388a12/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGPexch.rtf.pgp
Type: application/octet-stream
Size: 1508 bytes
Desc: PGPexch.rtf.pgp
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040923/7e388a12/PGPexch.rtf.obj

Powered by blists - more mailing lists