[simpits-tech] New file uploaded to Simpits by aaa.

Gene Buckle simpits-tech@simpits.org
Thu, 22 May 2003 06:55:54 -0700 (PDT)


> At 10:17 22/05/03 +0700, you wrote:
> >Yes, James.  I did run a virus test on any suspicious files.  Just want to
> >know "what it really is?" :)  Anyway, thanks for the tip.
>
>
> The file itself (I think) was some sort of telnet application (the lack of
> a file extension is a common trick when moving files around - they can be
> added later.) Telnet allows someone to connect one computer to another
> computer. Once a telnet connection is established, the user can then log in
> to that computer and execute commands remotely on that computer through the
> telnet interface.
>
> We used to do it all via Telnet and command lines in the good old days .... ;)
>

The file was a telnet daemon.  The lack of a file extension in this case
isn't indicative of anything - telnetd, like most or all UNIX programs, has
no extension.

What the intrepid script kiddie obviously didn't know is that the web
server will only execute applications that it is allowed to.  A program
like telnetd isn't even something the web server could execute, even if it
did have permission to do so.  Any "cracker" that's worth a pile of
steaming excrement knows this.  This dork obviously isn't even worth THAT
much. :)

You should see the array of php attack scripts that I've collected since I
put the upload page into place.  It's impressive. :)

g.
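
Added example, not part of the original message or the Simpits upload page: a short Python triage routine that classifies uploaded files by their leading bytes instead of their names, so an extensionless ELF binary or a PHP script is identified for what it is, and that reports whether any execute bit is set. The function names (`classify`, `triage`, `demo`), the file names and the sample bytes are constructed for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of a native UNIX executable


def classify(head: bytes) -> str:
    """Return a coarse type for the first bytes of an uploaded file."""
    if head.startswith(ELF_MAGIC):
        return "elf-executable"
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n")  # skip UTF-8 BOM and whitespace
    if text.startswith(b"#!"):
        return "shebang-script"
    if b"<?php" in head.lower() or b"<?=" in head:
        return "php-script"  # PHP open tag anywhere, whatever the extension says
    return "other"


def triage(upload_dir: str) -> dict:
    """Map each regular file in upload_dir to (type, has_exec_bit)."""
    report = {}
    for name in sorted(os.listdir(upload_dir)):
        path = os.path.join(upload_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):  # ignore symlinks, dirs, devices
            continue
        with open(path, "rb") as fh:
            head = fh.read(512)
        report[name] = (classify(head), bool(st.st_mode & 0o111))
    return report


def demo() -> dict:
    """Build a constructed upload directory and triage it."""
    samples = {  # constructed sample contents, not real uploads
        "upload_noext": ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9,
        "photo.jpg": b"\xff\xd8\xff\xe0<?php /* constructed */ ?>",
        "notes.txt": b"panel wiring notes\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)  # assumption: uploads are stored non-executable
        return triage(d)
```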