Prev: Avira Manual Update Failure
Next: Warning: Spyerase intentionally erases BugHunter from your machine
From: Default User on 31 Jan 2007 16:59

Does anyone know of a virus/trojan/worm that automates ftp login attempts
as administrator and if access is gained attempts to delete a directory
named "sarcaxxo"? I can find several examples of it happening in logs
posted on the internet but no one seems to know why that particular
directory is being targeted. The access attempts apparently cease once it
has executed the RMD command.
From: Default User on 1 Feb 2007 08:58
On Wed, 31 Jan 2007 16:59:19 -0500, Default User <default(a)user1.invalid>
wrote:

>
>Does anyone know of a virus/trojan/worm that automates ftp login attempts
>as administrator and if access is gained attempts to delete a directory
>named "sarcaxxo"? I can find several examples of it happening in logs
>posted on the internet but no one seems to know why that particular
>directory is being targeted. The access attempts apparently cease once it
>has executed the RMD command.

FYI - this turned out to be the Multi-thread FTP scanner written by inode
that uses an integrated dictionary for brute force attacks.
 | 
Pages: 1
Prev: Avira Manual Update Failure
Next: Warning: Spyerase intentionally erases BugHunter from your machine