I'm seeing some strange activity, maybe someone can help. Windows 2000 workstations (the norm here) are getting their C and D drives shared, full control to everyone. The systems have current antivirus. The odd thing is the sharenames. She share name is the drive letter --C or D-- with a computer name of a DIFFERENT computer in our enterprise appended. The problem spans at least two domains that we have seen. These systems are all on a private network with a well-run firewall ruleset. So if you look at a system showing these characteristics, you'll see a list of shares that look like: |-|VICTIM |+|CSYSTEMNAME1 |+|CSYSTEMNAME2 |+|DSYSTEMNAME1 |+|DSYSTEMNAME2 So far, it appears it may be an admin script gone awry, but no one has admitted to it. So, if anyone has seen a worm like this please let me know. thanks in advance, J Jewitt __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 14:14:02 PST