Microsoft now says that it has solved the Windows 2000 Server hacking mystery that troubled the company last week. Microsoft says the problem wasn't a new security vulnerability but the result of systems administrators failing to apply long-available OS patches to servers. Perhaps more important, intruder attacks have decreased dramatically during the past several days, leading Microsoft to suspect that the worst is over.
"By analyzing computers that have been compromised, Microsoft has determined that these attacks do not appear to exploit any new product-related security vulnerabilities and do not appear to be viral or worm-like in nature," the company writes in a security advisory (see the URL below) that describes the problem. "Instead, the attacks seek to take advantage of situations where standard precautions have not been taken. The activity appears to be associated with a coordinated series of individual attempts to compromise Windows 2000-based servers. As a result, successful compromises leave a distinctive pattern."
To prevent attacks, administrators simply need to follow timeworn security advice and stay up-to-date about security patches, advice that amounts to common sense. For example, Microsoft recommends that administrators eliminate blank or weak passwords, disable guest accounts, and use current antivirus software and firewalls.
Microsoft: MIRC Trojan-Related Attack Detection and Repair