Can viruses be planted on a server?

[JM]

Could a disgrunted former IT person who had access to a Win2k server via RDP
intentionally plant viruses on the server? If so, would there be a way to
trace the evidence?

thank you,

jm

 

[pcbutts1]

Yes.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[JM]

Thank you for your response.

Would that be "yes" to both questions. And, if so, what measures might be
taken to trace the evidence?

thank you,

jm

 

[pcbutts1]

That's yes to both. Security logs can be used to track them along with the
file creation date and network traffic logs.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Gabriele Neukam]

On that special day, JM, ([email protected]) said...

Could a disgrunted former IT person who had access to a Win2k server via RDP
intentionally plant viruses on the server?

If the server hasn't been patched properly, and you didn't remove his
account properly, yes. There's lots of information on the net, how to
escalate privileges and similar things.

I had a look at Google which tindicates that the RDP itself doesn't
allow for changing user rights, but if the tech could do *anything*
that creates files on the server, it might open a barn door for him.

Proving the maclicious action will be not that easy, if (s)he had
access to the logfiles and could modify them. Also, you should bear in
mind that there are viruses (or rather worms) that make their way in by
abusing weak services, that answer to unauthorized and malformed
requests; so this could be just a coincidence.


Gabriele Neukam

(e-mail address removed)