CNET también está disponible en español.

Ir a español

Don't show this again

AOC starts Twitch channel 2020 Orionid meteor shower Walmart Black Friday Stimulus negotiations Fauci warns against thinking pandemic is nearly over Control Game of Thrones star in live game iPhone 12 and 5G

Server attacks stump Microsoft

The company releases further details of a rash of attacks on Windows 2000 servers that has so far stumped the software giant's research team.

Microsoft released further details of a rash of attacks on Windows 2000 servers that has so far stumped the software giant's research team.

In an advisory posted Aug. 30, Microsoft warned customers that several companies had recently observed an "increased level of hacking activity." Microsoft Product Support Services (PSS) told system administrators to be on the lookout for Trojan horses--programs that appear to be legitimate but aren't--and for several specific kinds of odd network behavior.

On Wednesday, Mark Miller, a security specialist for Microsoft PSS, said that the attacks seemed to be ongoing, but at a much reduced level.

"We saw a pretty sharp spike," he said, adding that "we definitely consider this to be hacker activity and not worm activity."

Microsoft has only been able to characterize the attacks by certain files that each compromised machine has in common and that compromised machines have all been running Windows 2000.

One file, "gg.bat," attempts to connect to other computers using various administrator accounts. If successful, the file will then copy other files over to the compromised system. This behavior is usually considered characteristic of a worm. But Miller stressed that because the file doesn't copy itself to the victim's hard drive, it shouldn't be considered a worm.

Another file, "seced.bat," changes security settings on the compromised system. This attack could make it easier for a vandal to later log on to the computer and use the system. A third file, "gates.txt," contains a list of numerical Internet addresses. Microsoft, however, is unsure whether they are addresses of compromised systems, computers to be targeted or some unrelated list.

While the company wouldn't say how many machines or customers had been victims of the attacks, Miller did say that "it has been a significant number."

With the rate of compromise apparently declining, however, Microsoft seems willing to wait before referring incidents to the Microsoft Security Response Center, the company's internal clearinghouse for information on flaws and bugs. Miller explained that the company has not been able to determine whether the attack uses some newly discovered flaw in its operating system or just finds success because a system's Windows 2000 system patches are out of date.

"We are still monitoring the situation, and we are looking into it," Miller said.