There is this new tool called [edited site - ee_ai_construct, cs admin]
It allows you to control the machine after uploading this onto the remove machine ( IIS )
Its an ASP file using Encoded VB Code....
We have the latest security updates installed and the CMD.exe and other files renamed. But this seems to be using some other SHELL available on windows to gain access to the remove machine.
It is a serious threat... imean really serious. Since it allows you do everything that a hacker would want to do with a remote machine. All with customised options available.
Is there any way to stop this happening on IIS / Win2k ??