Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Politics : Ask Michael Burke -- Ignore unavailable to you. Want to Upgrade?

To: Terry Maloney who wrote (79547)	4/14/2000 4:46:00 PM
From: benwood	Read Replies (1) \| Respond to of 132070

Re: Frontpage backdoor. I found the file dvwssr.dll on my NT computer, and sent it to my UNIX box and ran "strings" on it -- a function that looks for ASCII strings in any file. Interesting... the backdoor is actually in cleartext, and it's exactly inverted from what the press release mentions. Sorry for the techno-geek entry on a bubble-double-trouble day, but it is interesting to me. Boldfacing is mine -- keep in mind that the backdoor password is spelled backwards from the easily remembered phrase (for Microsofties anyway). mycomputer/export/home/ben 8=> strings dvwssr.dll !This program cannot be run in DOS mode. .text `.rdata @.data .idata .rsrc @.reloc >%u: D$4h D$4j ]_^[ t;5 D$4j D$<" DVWSSR.DLL DllMain GetExtensionVersion HttpExtensionProc /global.asa .asp !seineew era sreenigne epacsteN* HTTP/1.0 404 Object Not Found XWebScope Source Retriever _refresh_acls_ Content-type: text/html KERNEL32.dll lstrcmpiA lstrcpynA CloseHandle ReadFile CreateFileA lstrlenA lstrcpyA GetModuleFileNameA lstrcmpA 1!1-141H1O1 2q2}2 `0d0 dvwssr.dbg ssr.dll