J,

It might be helpful if you checked the processes running on these systems. At the least you'd be likely to find something suspicious to investigate.

Carv

--- J Jewitt <jjewitt2001at_private> wrote:
>
> I'm seeing some strange activity, maybe someone can help.
>
> Windows 2000 workstations (the norm here) are getting their C and D drives shared, full control to everyone.
>
> The systems have current antivirus.
>
> The odd thing is the sharenames. The share name is the drive letter --C or D-- with a computer name of a DIFFERENT computer in our enterprise appended.
> The problem spans at least two domains that we have seen.
>
> These systems are all on a private network with a well-run firewall ruleset.
>
> So if you look at a system showing these characteristics, you'll see a list of shares that look like:
>
> |-|VICTIM
> |+|CSYSTEMNAME1
> |+|CSYSTEMNAME2
> |+|DSYSTEMNAME1
> |+|DSYSTEMNAME2
>
> So far, it appears it may be an admin script gone awry, but no one has admitted to it. So, if anyone has seen a worm like this please let me know.
>
> thanks in advance,
> J Jewitt

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
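
The share-name pattern described in the thread can be checked across hosts with a short script. This is an added example, not part of the original messages: it scans `net share` output for whole-drive shares named as the drive letter followed by the name of a different known computer. The sample listing and host inventory are constructed, the function name is hypothetical, and the parser assumes each share fits on one line (share ACLs such as "Everyone: Full Control" are not shown by `net share` and need a separate check).

```python
import re

# Constructed sample of `net share` output from a host named VICTIM
# (illustrative only; not taken from the thread).
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
CSYSTEMNAME1 C:\
DSYSTEMNAME2 D:\
CVICTIM      C:\
Docs         D:\Docs
The command completed successfully.
"""

def find_suspect_shares(net_share_text, local_host, known_hosts):
    """Return (share, drive, other_host) for each share of a drive root whose
    name is the drive letter followed by the name of a *different* known host."""
    others = {h.upper() for h in known_hosts} - {local_host.upper()}
    hits = []
    for line in net_share_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].endswith("$"):
            continue  # blank lines, separator row, default admin shares
        name, resource = parts[0].upper(), parts[1].upper()
        m = re.fullmatch(r"([A-Z]):\\", resource)
        if not m:
            continue  # header/footer text, or not a whole-drive share
        drive = m.group(1)
        # Pattern from the thread: <drive letter><other computer's name>
        if name.startswith(drive) and name[1:] in others:
            hits.append((parts[0], drive, name[1:]))
    return hits

if __name__ == "__main__":
    inventory = ["VICTIM", "SYSTEMNAME1", "SYSTEMNAME2"]  # constructed host list
    for share, drive, host in find_suspect_shares(SAMPLE, "VICTIM", inventory):
        print(f"suspect share {share}: drive {drive}:\\ named after {host}")
```

Any host that returns hits is a candidate for the process review suggested in the reply, along with a check of who created the shares and when.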
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 10:27:05 PST