[26948] in bugtraq


Re: All versions of windows infected?

daemon@ATHENA.MIT.EDU (Axel Pettinger)
Sat Sep 7 12:38:49 2002

Message-ID: <3D79B2C9.D277B6A4@epost.de>
Date: Sat, 07 Sep 2002 10:03:21 +0200
From: Axel Pettinger <api@epost.de>
MIME-Version: 1.0
To: Iamhatingit@aol.com, bugtraq@securityfocus.com,
        focus-virus@securityfocus.com, incidents@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Iamhatingit@aol.com wrote:
> 
> I have been doing research on one of the latest problems with all
> Microsoft products but with little success. It appears that someone or
> some system is infecting and rooting all types of Windows boxes.  No
> one really knows how or by what method this is being done.  But
> virus and worm have been ruled out.  Here is more information on the
> matter if you don't already have it.
> http://www.techtv.com/news/security/story/0,24195,3398556,00.html

Maybe you should also read Microsoft's Knowledge Base Article (Q328691)
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691>, then
you'll see that the backdoor trojan is known and also the (worm-like)
intrusion technique used by this malware is certainly not new. See also
the following post and follow the link mentioned in it ...
<http://groups.google.com/groups?as_umsgid=3D7794D5.2BDA1B37%40epost.de>

> But my question is: I have found one of the files in my system
> in zipped files that have not been updated in 6 months.
> The file name is WS_ftp and here is the source.
> Hope some of this helps..
> 
> [Ipswitch]
> HOST=ftp.ipswitch.com
> UID=anonymous
[snip]

This file doesn't belong to the trojan package. Apart from that, forget
the file names as they can be easily changed ...

Regards,
Axel Pettinger
