Odd Shares showing up on workstations

From: J Jewitt (jjewitt2001at_private)
Date: Thu Jan 16 2003 - 08:02:11 PST


      I'm seeing some strange activity, maybe someone can
    help.
    
      Windows 2000 workstations (the norm here) are
    getting their C and D drives shared, full control to
    everyone.
    
      The systems have current antivirus.
    
      The odd thing is the sharenames. The share name is
    the drive letter --C or D-- with a computer name of a
    DIFFERENT computer in our enterprise appended.
      The problem spans at least two domains that we have
    seen.
    
      These systems are all on a private network with a
    well-run firewall ruleset.
         
      So if you look at a system showing these
    characteristics, you'll see a list of shares that look
    like:
    
    |-|VICTIM
              |+|CSYSTEMNAME1
              |+|CSYSTEMNAME2
              |+|DSYSTEMNAME1
              |+|DSYSTEMNAME2
    
      So far, it appears it may be an admin script gone
    awry, but no one has admitted to it. So, if anyone has
    seen a worm like this please let me know.
    
          thanks in advance,
               J Jewitt
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
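
A way to hunt for the share pattern described in the message above across a fleet, as an added example that is not part of the original post. It assumes a share inventory has already been collected per host (for instance from `net share` output); the host names, the inventory layout and the `Everyone:FULL` ACL notation are constructed for illustration.

```python
import re

# Constructed inventory: host -> list of (share name, path, ACL entries).
# In practice this would be collected per host (e.g. from `net share` output).
INVENTORY = {
    "WS-ALPHA": [
        ("C$", "C:\\", ["BUILTIN\\Administrators:FULL"]),
        ("CWS-BRAVO", "C:\\", ["Everyone:FULL"]),
        ("DWS-CHARLIE", "D:\\", ["Everyone:FULL"]),
        ("Docs", "C:\\Docs", ["Everyone:READ"]),
    ],
    "WS-BRAVO": [
        ("CWS-BRAVO", "C:\\", ["Everyone:FULL"]),  # own name, not the reported pattern
        ("DATA", "D:\\", ["CORP\\Domain Users:CHANGE"]),
    ],
}

# Matches a bare drive root such as "C:" or "C:\".
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\?$")


def suspicious_shares(inventory, known_hosts=None):
    """Return (host, share, foreign_host, everyone_full) for shares named
    <drive letter><name of a DIFFERENT known computer> that expose a drive root."""
    hosts = {h.upper() for h in (known_hosts or inventory)}
    findings = []
    for host, shares in inventory.items():
        for name, path, acl in shares:
            m = DRIVE_ROOT.match(path)
            if not m or len(name) < 2:
                continue
            letter, suffix = name[0].upper(), name[1:].upper()
            # The share name must start with the drive letter it exposes.
            if letter != m.group(1).upper():
                continue
            # The rest must be another machine's name, not this host's own.
            if suffix not in hosts or suffix == host.upper():
                continue
            everyone_full = any(a.upper() == "EVERYONE:FULL" for a in acl)
            findings.append((host, name, suffix, everyone_full))
    return findings


if __name__ == "__main__":
    names = ["WS-ALPHA", "WS-BRAVO", "WS-CHARLIE"]
    for finding in suspicious_shares(INVENTORY, names):
        print(finding)
```

Passing the full list of enterprise computer names as `known_hosts` matters: a share named after a machine that is missing from the inventory is otherwise not recognized.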
    



    This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 14:14:02 PST