Furthermore, if the brown stuff does hit the fan and valuable data is compromised because of this; the people who don't know jack about IT are going to ask the people who do know about IT what steps they took to secure their network. And its usually the guys who don't know jack about IT who know a lot about exit doors and dismissal proceedings.
If you get my drift....... Regards Mr Louis Joyce Data Support Analyst BT Ignite eSolutions -----Original Message----- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: 14 March 2002 19:11 To: Exchange Discussions Subject: Re: MSX5.5 hacked As others have pointed out your IIS server got hacked; Exchange itself is probably fine but I would bet your passwords have been compromised. Back up Exchange and any data you want to keep. Flatten this box, reinstall and put the ding-dang security hotfixes on it before putting it back on the network. Then restore Exchange (the disaster recovery whitepaper will come in handy here). Change ALL your passwords. All of them. I'm not kidding at all: you don't know to what extent your enterprise has been compromised. ----- Original Message ----- From: "Bravo, Liliana" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, March 14, 2002 11:34 AM Subject: MSX5.5 hacked > HI all > MSX5.5/SP4 > > We have found ftp1.exe, nc.exe and cmd1.exe in c:\inetpub also nc.exe and > ftp1.exe are running in memory. After reading our logfiles those files are > there since Feb 24. Does anybody know what kind of hack is that and how to > get red of those whitout causing any post-hack attack. > > Tia > -er > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]