And that, of course, explains why you haven't been answering email and
voicemail messages, eh? (grin) Just kidding! Actually, if you
haven't already found this, check out
for some great white papers about common exploits, and information about
the top vulnerabilities on NT/Win2k servers that can be easily
fixed/patched. I spent a lot of time at this site when I administered the
NT servers at AHDL. Also check out:
which has become something of the industry standard for discussion and
fixes on exploits and bugs in WinNT/2K/XP. Welcome to the wonderful world
of Microsoft System Admin. Makes me glad I'm working in a pure Netware
shop now.
-/John
>>> [log in to unmask] 01/22/03 10:20AM >>>
Wow....

That describes the activity that led me to look for the virus... curious.

And yes, found the backdoor.NTHack via a process it creates,
"firedaemon.exe".

Thanks much!!

Deb

Deb McKenna
Computer Systems Analyst
Student Athlete Support Services
Michigan State University
239 Smith Center
353-9161/office
432-0060/FAX
[log in to unmask]

-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Rob Neary
Sent: Wednesday, January 22, 2003 10:15 AM
To: [log in to unmask]
Subject: Re: Recent hacking activity on campus

I'm not sure which worm/virus this is, but I'd like to share an
interesting back-door-type attack we had on some of our systems a couple
weeks ago...

For anyone who runs Microsoft SQL server, you are probably familiar with
the fact that the "root" account (called SA), is installed under v7.0
and possibly 2K (don't remember) with no password. This poor choice on
Microsoft's part also trickles down to their desktop product - MSDE
(Microsoft Database Engine) - which I'm finding a lot of packages now
come with as their desktop database solution. There are script-worms
that are designed to exploit this, and what we saw was a typical FTP
Dump site setup on two machines.

If you install anything that uses MSDE, you might want to take a look at
this article to change the SA password:

"HOW TO: Verify and Change the System Administrator Password by Using
MSDE"
http://support.microsoft.com/default.aspx?scid=kb;en-us;322336

Safe computing :)

Rob Neary
Senior Computer Systems Specialist
Medical School Information Systems
email: [log in to unmask]

> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Deb McKenna
> Sent: Wednesday, January 22, 2003 9:50 AM
> To: [log in to unmask]
> Subject: Recent hacking activity on campus
>
>
> Good morning,
>
> Hopefully this is the proper place to post this. Has anyone
> else recently (as in the past week) gotten attacked via the
> backdoor.NTHack virus? (Win2k Server). One of my students
> mentioned that another department may have gotten this.
>
> If you have *any* experience with this, I would welcome any
> and all suggestions.
>
> Thanks much,
>
> Deb
>
> Deb McKenna
> Computer Systems Analyst
> Student Athlete Support Services
> Michigan State University
> 239 Smith Center
> 353-9161/office
> 432-0060/FAX
>
>
> [log in to unmask]