I'm not sure which worm/virus this is, but I'd like to share an
interesting back-door-type attack we had on some of our systems a couple
weeks ago...

For anyone who runs Microsoft SQL server, you are probably familiar with
the fact that the "root" account (called SA) is installed under v7.0
and possibly 2K (don't remember) with no password. This poor choice on
Microsoft's part also trickles down to their desktop product - MSDE
(Microsoft Database Engine) - which I'm finding a lot of packages now
come with as their desktop database solution. There are script-worms
that are designed to exploit this, and what we saw was a typical FTP
Dump site setup on two machines.

If you install anything that uses MSDE, you might want to take a look at
this article to change the SA password:

"HOW TO: Verify and Change the System Administrator Password by Using
MSDE"
http://support.microsoft.com/default.aspx?scid=kb;en-us;322336

Safe computing :)

Rob Neary
Senior Computer Systems Specialist
Medical School Information Systems
email: [log in to unmask]

> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Deb McKenna
> Sent: Wednesday, January 22, 2003 9:50 AM
> To: [log in to unmask]
> Subject: Recent hacking activity on campus
>
>
> Good morning,
>
> Hopefully this is the proper place to post this. Has anyone
> else recently (as in the past week) gotten attacked via the
> backdoor.NTHack virus? (Win2k Server). One of my students
> mentioned that another department may have gotten this.
>
> If you have *any* experience with this, I would welcome any
> and all suggestions.
>
> Thanks much,
>
> Deb
>
> Deb McKenna
> Computer Systems Analyst
> Student Athlete Support Services
> Michigan State University
> 239 Smith Center
> 353-9161/office
> 432-0060/FAX
>
> [log in to unmask]
>
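
An added example, not part of the original messages or of the Microsoft article: a T-SQL audit for the blank SA password described above, followed by the fix. It assumes SQL Server 7.0/2000 or MSDE, a sysadmin session (for instance through osql), and the legacy `master.dbo.syslogins` view; the password shown is a placeholder.

```sql
-- Added example for SQL Server 7.0/2000 and MSDE. Run as a sysadmin.
-- Assumption: the legacy master.dbo.syslogins view is available.

-- 1. Report the authentication mode. With mixed mode enabled, SQL logins
--    such as sa can authenticate over the network with only a password.
EXEC master.dbo.xp_loginconfig 'login mode';
GO

-- 2. List SQL-authentication logins that have no password set.
--    isntname = 0 excludes Windows accounts, which carry no SQL password.
--    sysadmin = 1 marks logins with full control of the server.
SELECT name, sysadmin
FROM master.dbo.syslogins
WHERE isntname = 0
  AND password IS NULL
ORDER BY sysadmin DESC, name;
GO

-- 3. Set a password on sa. @old = NULL matches the blank password.
--    The @new value is a placeholder and must be replaced.
EXEC sp_password @old = NULL,
                 @new = '<REPLACE-WITH-STRONG-PASSWORD>',
                 @loginame = 'sa';
GO

-- 4. Re-run the audit. sa should no longer appear; any other rows are
--    SQL logins that still need a password.
SELECT name, sysadmin
FROM master.dbo.syslogins
WHERE isntname = 0
  AND password IS NULL;
GO
```

Run the audit on every machine that has a package bundling MSDE installed, since those instances are easy to overlook.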