Lots of infections Posted on March 26th, 2004 by

It seems like almost every Windows computer on campus is infected these days. Ok, well maybe not every one, but some times it sure feels like it. Anyway one of the things I am seeing a lot these days is macines trying to connect to irc servers and listening for commands. I think that is a symptom of at least one or more recent viruses. Also I have seen a number of machines listening for FTP traffic on port 23, the telnet port. If I telnet or FTP there I get a banner page like this:

220-Microsoft FTP Service (Version 5.0)
220-===================--------========================
220-THIS IS A PRIVATE FTP SITE - AUTHORIZED ACCESS ONLY
220-============-------========-=======================
220-         YOUR IP : 138.236.xxx.xxx Has Been Logged
220-===================================================
220-================-------============================
220-
220-You are Connecting From 138.236.xxx.xxx
220-The Local time is 10:20:55, 
220-2 users have visited in the last 24 hours.
220-This server has been running since 
220-1 Days, 12 Hours, 42 Mins, 26 Secs
220-
220-===========================================
220-
220-Amout of Logins Since Server Started:   0 total
220-Logged in Users:     1
220-Total Kb downloaded:     0 Kb 
220-Total Kb uploaded:       0 Kb
220-Amout of Files downloaded:  0 
220-Amout of Files uploaded:    0
220-Average Speed: 0.000 Kb/sec
220-Current Speed: 0.000 Kb/sec
220-Free Disk Space:   14901.54 KB
220-
220 ===========================================

I am still not really sure what that is, but I don’t think the users put it there themselv’s. All I know about it so far is a little bit of info from this website: http://www.brown.edu/Research/SysAdmins/news/

If anyone knows more about it, I’d love to hear it.

 

Comments are closed.