Vulnerability * IIS

This should be of interest to anyone running Microsoft's Internet
Information Services (IIS). The Windows 2000 Newsletter this week pointed
out that many servers running IIS may be vulnerable to outside control
because of a Trojan Horse (typically a program left on your server that
allows a cracker access to your system). There is a simple diagnosis and
remedy:

This trojan is called root.exe. The worms rename an NT system's cmd.exe to root.exe
and place it in a folder that is accessible from the Web. With that in
place, a cracker using just a Web browser can send a range of commands to
the server. That server is no longer secure and any sensitive data can be
pulled off.

Unfortunately (or fortunately, depending on your perspective), I found this
on my web server in the InetPub\scripts folder.

Getting the word out to as many system admins as possible is the key to
preventing this from being a huge problem.

======================
Steve Sanders
Delta Centrifugal Corp
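
The diagnosis described above, as an added PowerShell example that is not part of the original post: it walks the web content tree and reports any file named root.exe, plus any file that is byte-identical to the system's own cmd.exe under a different name. The `Find-CmdCopies` function name and the `C:\InetPub` default are assumptions, and the script needs a PowerShell version that provides `Get-FileHash`.

```powershell
# Added example. Function name and default paths are assumptions; adjust to your server.
function Find-CmdCopies {
    param(
        [string]$WebRoot   = 'C:\InetPub',                        # assumed IIS content root
        [string]$Reference = "$env:SystemRoot\System32\cmd.exe"   # the genuine command shell
    )

    # Fingerprint the real cmd.exe so renamed copies can be recognised by content.
    $refHash = (Get-FileHash -LiteralPath $Reference -Algorithm SHA256).Hash
    $refSize = (Get-Item -LiteralPath $Reference).Length

    Get-ChildItem -LiteralPath $WebRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $reason = $null

            # Check 1: the file name the post warns about.
            if ($_.Name -ieq 'root.exe') { $reason = 'named root.exe' }

            # Check 2: same bytes as cmd.exe, whatever the file is called.
            # Comparing size first avoids hashing every file in the tree.
            if ($_.Length -eq $refSize) {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
                if ($hash -eq $refHash) { $reason = 'byte-identical to cmd.exe' }
            }

            if ($reason) {
                [pscustomobject]@{
                    Path     = $_.FullName
                    Reason   = $reason
                    Modified = $_.LastWriteTime
                }
            }
        }
}

# No output means neither check matched anywhere under the web root.
Find-CmdCopies | Format-Table -AutoSize
```

A copy taken before cmd.exe was last patched will not match the current file's hash, so the name check stays in place alongside the content check.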