RE: Dameware Malcode? Is anyone aware of it?

From: John Costa (johnccostaat_private)
Date: Thu Jun 05 2003 - 19:30:43 PDT


    Thanks to all for the replies/feedback. Anyway, if
    anyone has recently experienced any issues related to
    Dameware or Dameware malcode, whatever you want to
    call it, please share with the List.
    
    The issue that I experienced was with a Windows 2000
    desktop which was taken over a couple of days ago.
    When the admin called me to investigate I immediately
    noticed something strange, including the mouse pointer
    moving on its own. Anyway, I learned that Dameware
    can install itself; all the attacker needs is access
    to port 139 or 445 and an administrator account with a
    weak password. The affected Windows machine was a test
    machine which had a default password and userID and
    didn't have a personal firewall installed. That was
    the perfect environment for the malicious individual
    to install the Dameware backdoor.
     
    
    
    --- Gerald Cody Bunch <gbunchat_private> wrote:
    > While it is entirely possible that there is a Trojan of sorts that may
    > use this as a payload, it has been my experience that Dameware NT
    > Utilities is pretty kosher. The Dameware NT Utilities Suite of
    > applications (http://www.dameware.com/) includes a feature to force
    > install the mini-remote control client onto a desktop machine; however,
    > the user performing the remote install must already have local
    > administrative rights to the computer to receive the remote control
    > client. It is my understanding that the authentication that this
    > package uses also requires a user name and password of sorts on the
    > remote system.
    > 
    > Check http://www.dameware.com/ for any further
    > questions.
    > 
    >  Thanks,
    > 
    >  Gerald Cody Bunch
    >  gbunchat_private
    > 
    > 
    > -----Original Message-----
    > From: John [mailto:johnccostaat_private] 
    > Sent: Wednesday, June 04, 2003 2:32 PM
    > To: incidentsat_private
    > Subject: Dameware Malcode? Is anyone aware of it?
    >
    > Is anyone aware of the existence of Dameware malcode that makes use of
    > Dameware mini-remote control to provide an attacker with backdoor access
    > to systems?
    >
    > Thanks
    >
    > John
    
    =====
    
    J. C. Costa
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 08:54:23 PDT