September 6th, 2002, 15:26 PM
PSS Hacking Alert
The Microsoft Product Support Services (PSS) Security Team is issuing an alert about an increased level of hacking activity that the PSS Security Team has been tracking. The activity seems to involve similar hacking attempts. These hacking attempts show similar symptoms and behaviors. The PSS Security team has isolated the major similarities. This article lists these similarities, so that you can take any appropriate action to:
Detect these hacking attempts.
Respond to any hacking attempts you detect.
Impact of Attack
Compromise of computer, denial-of-service because of security policy changes.
You may experience one or more of the following symptoms: :
Possible detection of Trojans such as Backdoor.IRC.Flood and its variants. This might include related Trojans with similar functionality. These Trojans may not necessarily be detected by your antivirus software after the hacker has made modifications to your computer.
Modification of the security policy on domain controllers. Some of the possible effects of a modified security policy are:
Previously-disabled guest accounts have been re-enabled.
Changed security permissions on your servers or in Active Directory.
No one can log on to the domain from the workstations.
Cannot open Active Directory snap-ins in the MMC.
Error logs show multiple failed logon attempts from legitimate users who were locked out.
Microsoft Knowledge Base Article - Q328691