[Am-info] Just another reason why NOT to run '2000!
Fred A. Miller
fm@cupserv.org
Thu, 6 Dec 2001 16:02:38 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- From an e-list.
Fred
_______________
Hello.
This week, two different departments here reported discovering
Backdoor.RA, a component of the package Remote Anything, running on a
Windows 2000 system without having been installed by the responsible
parties. Both machines are phsyically secured, and those with access
have disclaimed responsibility for installing the item. In each case,
the presence of Backdoor.RA was discovered when, exploring problems
with the machine, the user scanned the Task Manager list and noted a
process called Slave.exe running.
It appears that the instances were remote installs. Anyone know of an
exploit or apres-virus vulnerability which involves remote installation
of Backdoor.RA?
Thanks for your attention and responses.
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8D9zuIhTtc6nTZIIRAp0YAJ96UamL69h0mw6doLYD/TnEodEP3wCgmevw
F+8fUxavqb4dQOjA+jTYlu4=
=QIuk
-----END PGP SIGNATURE-----