Mystery W2K attacks show need for patches

Malicious code is being downloaded onto Windows 2000 servers in a series of attacks that bypass anti-virus software and underline...

Eric Doyle

Published: 12 Sep 2002 1:00

Malicious code is being downloaded onto Windows 2000 servers in a series of attacks that bypass anti-virus software and underline the importance of keeping up with Microsoft's security patches.

Microsoft is baffled by these latest exploits and will only say that a "significant number" of servers have been affected.

Gunter Ollmann, manager of Internet Security Systems' X-force security assessment service, said the problem does not appear to be a worm but may be an automated brute force attack that searches the Internet for vulnerable servers.

Brute force attacks usually bombard servers with a dictionary of potential passwords to find a victim but Ollmann said this may be a variant that seeks out unsecured ports.

The attacks could be extremely serious because the exploit installs a backdoor to systems for future access and can change Active Directory security permissions to create unauthorised accounts with administrator privileges.

Microsoft's advice on finding and eradicating the problem can be found at http://support.microsoft.com/default. aspx?scid=kb;en-us;Q328691

Read more on Antivirus, firewall and IDS products

Cyber weapons readily available to criminals, researchers warn Security researchers have discovered an attack campaign infrastructure designed to scan, brute-force and infect tens of thousands of MS-SQL and PHPMyAdmin servers

reverse brute-force attack A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.

brute force attack Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

QakBot malware: How did it trigger Microsoft AD lockouts? QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.

Release of Mirai IoT botnet malware highlights bad password security Mirai, the IoT botnet malware code used in the massive DDoS attack on Brian Krebs' website, has been released to the public and highlights a problem of using default passwords.

United Airlines begins bug bounty payouts United Airlines has paid out the maximum award to two hackers, which means the flaws are likely to be remote code execution vulnerabilities

SearchCIO

Mystery W2K attacks show need for patches

Malicious code is being downloaded onto Windows 2000 servers in a series of attacks that bypass anti-virus software and underline...

Read more on Antivirus, firewall and IDS products

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

Shell, Halliburton, Unibap AB execs share real-world AI strategies

SearchSecurity

Ideal DevSecOps strategy requires the right staff and tools

City of Pensacola hit by ransomware attack

Ryuk ransomware change breaks decryption tool

SearchNetworking

Silver Peak SD-WAN orchestrator scales to thousands of sites

Test your knowledge of SD-WAN deployments and testing

4 SD-WAN vendors integrate with AWS Transit Gateway

SearchDataCenter

Refresh your data center cooling lexicon

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

SearchDataManagement

Aerospike 4.8 advances database persistent memory support

Data warehouse technologies evolve as vendors look skyward

How to streamline feature engineering for machine learning

Read more on Antivirus, firewall and IDS products

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.