Diary of a Network Administrator: Julia Roberts and COM1 Folders
Do you like movies? I do. There's something great about turning off the phone, shutting down email, and dimming the lights for a night of movies. Make a bowl of popcorn, mix in some M&Ms candy, and then press Play. I like spy thrillers, courtroom dramas, and yeah, I'll admit it, the occasional "chick flick." I am a real sucker for Julia Roberts.
Recently, a client called because his server likes movies, too. Well, I guess his server is impartial to movies, but the guy who hacked into his server? He sure likes movies. This hack filled up a healthy portion of my client's hard drive with a few recent thrillers, including "The Bourne Identity." Too bad that this version of the thriller was dubbed in German.
Truth be known, the hacker wasn't much of a hack. My client, a competent IT director, had accidentally left his FTP server open for anonymous access. But don't start pointing fingers and say, "Serves you right." It was purely an accident, an oversight, and an assumption that nobody would be doing something this wild on his server. Live and learn.
Movies, Apps, and Money
So what's the point of parking movies on servers? And how do hackers find servers that have FTP open anyway? Here's what these jokers are doing: They use a port-scanning tool against a range of IP addresses. This port-scanning utility reports which IP addresses have FTP services available. Next, they test which IP addresses with FTP services have anonymous Write permissions open. Now they've found a home, temporary or long-term, for anything they want to throw on the drive.
The dark corners of the web are full of guys who say, "Pssst. Hey, buddy. $9.00 will get you tons of free movies, copied software, and other goodies. All you have to do is download them." These crooks copy DVDs, applications, and other copyrighted material to these FTP sites they've exploited, and then sell access to them. Now their paying customers connect to the FTP servers and download the stolen software, movies, and whatnot, all on someone else's bandwidth dime. Nice racket, Tony Soprano.
In the case of my client, the "hacker" parked several movies on the hard drive. The tricky thing here isn't the port scan or the anonymous access to the file system through FTP. The intruder was able to create a deep directory structure that included a folder called COM1. Seems innocent enough, right? COM1 is a reserved name in the family of Microsoft operating systems. You can't create a folder named COM1, at least not with standard Microsoft operating system tools.
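A folder named after a reserved device is a red flag that someone has been writing to the share with non-standard tools, so it is worth checking for. The following Python helper is an added example and not part of the original column: it walks a listing of paths (for instance one exported from the FTP root) and flags any component that collides with a Windows reserved device name. The reserved set (CON, PRN, AUX, NUL, COM1 to COM9, LPT1 to LPT9) and the rule that the comparison is case-insensitive and ignores anything after the first dot ("COM1.txt" is just as unusable as "COM1") follow Microsoft's documented file-naming rules. The sample listing at the bottom is constructed for illustration; the paths and file names are not from the client's server.

```python
import re

# Device names Windows reserves, regardless of letter case. Appending an
# extension (e.g. "COM1.txt") does not make the name usable, so we compare
# only the part before the first dot.
RESERVED_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def is_reserved_name(component: str) -> bool:
    """Return True if a single path component collides with a reserved device name."""
    stem = component.split(".", 1)[0].strip()  # "com1.txt" -> "com1", "COM1." -> "COM1"
    return stem.upper() in RESERVED_DEVICE_NAMES


def find_reserved_components(path: str) -> list:
    """Return every component of `path` (split on / or \\) that is a reserved name."""
    components = re.split(r"[\\/]+", path)
    return [c for c in components if is_reserved_name(c)]


def scan_listing(paths) -> list:
    """Scan an iterable of paths and return sorted (path, offending_component) pairs.

    A non-empty result means somebody created entries that standard Windows
    tools refuse to create, which is exactly the situation described above.
    """
    hits = []
    for path in paths:
        for component in find_reserved_components(path):
            hits.append((path, component))
    return sorted(hits)


# Constructed sample listing (hypothetical paths, not from any real server).
SAMPLE_LISTING = [
    r"D:\ftproot\pub\readme.txt",
    r"D:\ftproot\pub\COM1\movies\thriller.avi",
    r"D:\ftproot\pub\AUX\tools.zip",
    r"D:\ftproot\pub\commons\notes.txt",   # "commons" is not reserved
    r"D:\ftproot\pub\com1.\hidden.bin",    # trailing dot does not help
]

if __name__ == "__main__":
    for path, component in scan_listing(SAMPLE_LISTING):
        print(f"reserved name {component!r} in {path}")
```

Run it against a `dir /s /b` export of the FTP root and any hit deserves a look; ordinary users and ordinary Windows tools never produce these names, and a COM10 or LPT0 is reported as clean because those are not in the reserved set.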