[thelist] failure notice (& CF TIP)
John Best
john.best at simplytrading.com
Wed Sep 19 10:17:53 CDT 2001
As a little note: removing root.exe is possibly not sufficient.
As root.exe allows people access to your system, you will also need to
have a good poke around and ensure that nothing has been added/changed
(in an ideal world you would rebuild from safe backups, apply patches
and then reconnect).
Things hackers may do include:
1.) Add additional backdoors/trojans.
2.) Set registry keys to run code when the computer boots, starting a
rogue service or something.
3.) Add users/elevate users' privileges.
I have no idea how one goes around convincing yourself that it's all
safe.
Sorry to be such a dampener, but a false sense of security is very
dangerous.
John Best
PS: I read a book and it scared me.
>
> Hi Dan!
>
> If one has that file, does it mean that the server *has* been infected by a
> worm, or is it that the file is a security loophole?
>
> I ask because root.exe is on our Win 2000 server, but as that is sitting
> behind what I consider to be a *very* secure firewall I find it hard to
> believe that anyone has compromised our box.
>
> Having found the file, is there anything else in particular I should be
> looking for?
>
> .steve
>
>
> ----------------------------------
> WapWarp - http://wapwarp.com
> Wap-Dev - http://www.wap-dev.net
> Cookstour - http://cookstour.org
> ----------------------------------
>
> > -----Original Message-----
> > From: Daniel J. Cody [mailto:djc at starkmedia.com]
> > Sent: den 19 september 2001 16:06
> > To: thelist at lists.evolt.org
> > Subject: Re: [thelist] failure notice (& CF TIP)
> >
> >
> > One more tip while people are tossing them about about virii and
> > windows..
> >
> > Search your IIS server for a file called root.exe and delete it - if you
> > have it you've been compromised. *NO* patches from MS delete this file.
> >
>
>
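An added example, not part of the original thread: one concrete check for the question of what else to look for is whether the web server ever answered a request for root.exe, which separates "the file was dropped" from "someone used it". The sketch assumes IIS logs in W3C extended format with a `#Fields:` header; the log lines, paths and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-09-18 02:11:40 192.0.2.10 GET /default.asp 200
2001-09-18 03:05:12 198.51.100.7 GET /scripts/root.exe 404
2001-09-18 03:05:13 198.51.100.7 GET /MSADC/Root.exe 200
2001-09-19 07:44:01 203.0.113.5 GET /scripts/root.exe 200
2001-09-19 07:44:09 203.0.113.5 GET /images/logo.gif 200
"""

def root_exe_requests(log_text, name="root.exe"):
    """Group requests for `name` by client IP: answered (2xx) vs. probed only."""
    fields = []
    hits = defaultdict(lambda: {"answered": [], "probed": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed or truncated records
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "")
        # Match on the file name only, case-insensitively, in any directory.
        if stem.lower().rsplit("/", 1)[-1] != name:
            continue
        status = row.get("sc-status", "")
        # 2xx: the server answered the request for the file.
        bucket = "answered" if status.startswith("2") else "probed"
        when = f'{row.get("date", "?")} {row.get("time", "?")}'
        hits[row.get("c-ip", "?")][bucket].append((when, stem, status))
    return dict(hits)

def server_needs_full_review(hits):
    """True if any client received a 2xx response for the file."""
    return any(h["answered"] for h in hits.values())

if __name__ == "__main__":
    found = root_exe_requests(SAMPLE_LOG)
    for ip, h in sorted(found.items()):
        print(ip, "answered:", len(h["answered"]), "probed:", len(h["probed"]))
    print("full review needed:", server_needs_full_review(found))
```

A clean result here only covers the period the logs span and assumes the logs themselves were not altered.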