Windows Systems Hit by Unusual Attacks
A vague alert issued by MS Product Support Services warns that the company has been tracking a new rash of hacking activity targeting Windows XP and 2000 servers. Victims have experienced modified security policies on the domain controller, which prevent legitimate users from logging on to a network. In addition, a trojan application named taskmngr.exe (not the legitimate taskmgr.exe) appears to open a backdoor for remote access. Other files found on compromised systems include Gates.txt, Gg.bat, and seced.bat. See the advisory for more details, though it admittedly offers very little help – they aren’t sure how the files are getting on hacked systems in the first place. Wired also has coverage of the story.
(N-Stalker Security Force)