Troj/ServU - How to Prevent?

Discussion in 'Server Security' started by Brock Hensley, Apr 2, 2009.

  1. Hello,

    I have been trying to research this "Serv-U" Virus, with the following
    aliases, to figure out how it infects servers and how to prevent it. We have
    a solution on how to remove the virus, we just need to know how it infects
    servers and how to prevent it.

    not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:

    not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)
    Hacktool (Symantec)
    BackDoor.Servu.5000 (Doctor Web)
    Troj/ServU-Gen (Sophos)
    BDS/ServU.ba.1 (H+BEDV)
    Win32:Trojano-356 (ALWIL)
    Trojan.ServU.G (SOFTWIN)
    Trojan.Servu.1 (ClamAV)
    Bck/ServU.BB (Panda)

    Does anyone have any helpful information on this virus?

    Thanks,
    -B
     
    Brock Hensley, Apr 2, 2009
    #1
    1. Advertisements

  2. Brock Hensley

    Peter Foldes Guest

    Try this in the public.security newsgroup.
     
    Peter Foldes, Apr 2, 2009
    #2
    1. Advertisements

  3. Peter,

    Thank you, sorry for the mis-post, every instance I've seen of this
    infection has been on Virtual Servers with Windows Server 2003 Web Edition
    on them so figured this would suffice.

    I've moved the post to "microsoft.public.security.virus".

    Thanks,
    -Brock
     
    Brock Hensley, Apr 2, 2009
    #3
  4. Brock Hensley

    Dave Warren Guest

    In message <> "Brock
    In short, it's not a virus at all, it's just an FTP server that is
    trivially easy to embed into other malware. In other words, it's a
    common choice FTP server used by script-kiddies.
     
    Dave Warren, Apr 2, 2009
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.