At 06:31 PM 6/4/2003 +0000, John wrote: >Is anyone aware of the existence of Dameware malcode that makes use of >Damaware mini-remote control to provide an attacker with backdoor access >to systems? I've never seen a piece of malware that used dameware, however I have found machines that had been compromised which had dameware. In fact we had a series of them last year. Being an educational institution we have few controls over any non-staff end users, so when I have found dameware (or most other breaches for that matter), they usually turned out to be boxes with poor/no passwords, default builds of IIS or some other easily compromised issue (and usually without logging turned on so I was left to best guess the cause). John ------------------------------------------------- John Ives, GCWN Systems Administrator College of Chemistry (510) 643-1033 "If you spend more on coffee than on IT security, Then you will be hacked. What's more, you deserve to be hacked." - Richard Clarke Any opinions expressed are my own and not those of the Regents of the University of California. ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 08:38:44 PDT