Troj/ServU - How to Prevent?

Hello,

I have been trying to research this "Serv-U" Virus, with the following
aliases, to figure out how it infects servers and how to prevent it. We have
a solution on how to remove the virus, we just need to know how it infects
servers and how to prevent it.

not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:

not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)
Hacktool (Symantec)
BackDoor.Servu.5000 (Doctor Web)
Troj/ServU-Gen (Sophos)
BDS/ServU.ba.1 (H+BEDV)
Win32:Trojano-356 (ALWIL)
Trojan.ServU.G (SOFTWIN)
Trojan.Servu.1 (ClamAV)
Bck/ServU.BB (Panda)

Does anyone have any helpful information on this virus?

Thanks,
-B

Try this in the public.security newsgroup.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Brock Hensley" <> wrote in message
news:95182E57-E171-41CE-9FBA-...
> Hello,
>
> I have been trying to research this "Serv-U" Virus, with the following aliases, to
> figure out how it infects servers and how to prevent it. We have a solution on how
> to remove the virus, we just need to know how it infects servers and how to
> prevent it.
>
> not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:
>
> not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)
> Hacktool (Symantec)
> BackDoor.Servu.5000 (Doctor Web)
> Troj/ServU-Gen (Sophos)
> BDS/ServU.ba.1 (H+BEDV)
> Win32:Trojano-356 (ALWIL)
> Trojan.ServU.G (SOFTWIN)
> Trojan.Servu.1 (ClamAV)
> Bck/ServU.BB (Panda)
>
> Does anyone have any helpful information on this virus?
>
> Thanks,
> -B
>
>

Peter,

Thank you, sorry for the mis-post, every instance I've seen of this
infection has been on Virtual Servers with Windows Server 2003 Web Edition
on them so figured this would suffice.

I've moved the post to "microsoft.public.security.virus".

Thanks,
-Brock

"Peter Foldes" <> wrote in message
news:...
> Try this in the public.security newsgroup.
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
> "Brock Hensley" <> wrote in message
> news:95182E57-E171-41CE-9FBA-...
>> Hello,
>>
>> I have been trying to research this "Serv-U" Virus, with the following
>> aliases, to figure out how it infects servers and how to prevent it. We
>> have a solution on how to remove the virus, we just need to know how it
>> infects servers and how to prevent it.
>>
>> not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known
>> as:
>>
>> not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)
>> Hacktool (Symantec)
>> BackDoor.Servu.5000 (Doctor Web)
>> Troj/ServU-Gen (Sophos)
>> BDS/ServU.ba.1 (H+BEDV)
>> Win32:Trojano-356 (ALWIL)
>> Trojan.ServU.G (SOFTWIN)
>> Trojan.Servu.1 (ClamAV)
>> Bck/ServU.BB (Panda)
>>
>> Does anyone have any helpful information on this virus?
>>
>> Thanks,
>> -B
>>
>>
>

In message <95182E57-E171-41CE-9FBA-> "Brock
Hensley" <> was claimed to have wrote:

>I have been trying to research this "Serv-U" Virus, with the following
>aliases, to figure out how it infects servers and how to prevent it. We have
>a solution on how to remove the virus, we just need to know how it infects
>servers and how to prevent it.
>
>not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:
>
>not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)
>Hacktool (Symantec)
>BackDoor.Servu.5000 (Doctor Web)
>Troj/ServU-Gen (Sophos)
>BDS/ServU.ba.1 (H+BEDV)
>Win32:Trojano-356 (ALWIL)
>Trojan.ServU.G (SOFTWIN)
>Trojan.Servu.1 (ClamAV)
>Bck/ServU.BB (Panda)
>

In short, it's not a virus at all, it's just an FTP server that is
trivially easy to embed into other malware. In other words, it's a
common choice FTP server used by script-kiddies.