harshul at ealcatraz
Sep 13, 2002, 6:02 AM
Post #1 of 1
(63 views)
Permalink
|
|
win2k incident -- been hacked
|
|
Hello there ,
has anyone come accross a worm or an incident where the files are getting wiped out the server runing win2k ,
we had a incident in one of the departments .
Our 3 servers been wiped out
Ø Domain controller (win2k server)
Ø Proxy server / Firewall (win2k server running ISA firewall)
Ø Mail server (win2k server running Microsoft Exchange)
the common factor in all breakins is a file called readme.bat and in the later incidents it's been replaced on to autoexec.bat.
we have currently patched the server and are monitoring the network with sniffers and IDS ....
the command used in both the batch files is del *.* /s/f/q
thanking you in anticipation ...
-regs
Harsh
|
