Thanks to all for the replies/feedback. Anyway, If anyone has recently experienced any issues related to Dameware or Dameware malcode, whatever you want to call it, please share with the List. The issue that I experienced was with a windows 2000 desktop which was taken over a couple of days ago. When the admin called me to investigate I immediately noticed something strange, including the mouse pointer was moving on its own. Anyway, I learned that dameware can install itself, all the attacker needs is access to port 139 or 445 and an administrator account with a weak password. The affected Windows machine was a test machine which had a default password and userID and didn't have a personal firewall installed. That was the perfect environment for the malicious individual to install the dameware backdoor. --- Gerald Cody Bunch <gbunchat_private> wrote: > While it is entirely possible that there is a Trojan > of sorts that may > use this as a payload, > it has been my experience that Dameware NT > utilities, is pretty kosher. > The Dameware NT Utilities > Suite of applications (http://www.dameware.com/) > includes a feature to > force install the mini-remote control client > Onto a desktop machine, however the user performing > the remote install > must already have local > administrative rights to the computer to receive the > remote control > client. It is my understanding that > The authentication that this package uses also > requires a user name and > password of sorts on the remote system. > > Check http://www.dameware.com/ for any further > questions. > > Thanks, > > Gerald Cody Bunch > gbunchat_private > > > -----Original Message----- > From: John [mailto:johnccostaat_private] > Sent: Wednesday, June 04, 2003 2:32 PM > To: incidentsat_private > Subject: Dameware Malcode? Is anyone aware of it? > > > > > Is anyone aware of the existence of Dameware malcode > that makes use of > > Damaware mini-remote control to provide an attacker > with backdoor access > > > to systems? > > Thanks > > John > > ------------------------------------------------------------------------ > ---- > ------------------------------------------------------------------------ > ---- > ===== J. C. Costa ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 08:54:23 PDT