IWAP_WWW account showing up on XP boxes, not just IIS?
From: Jeffrey Thomas (jthomas_at_ETAXFN.COM)
Date: 06/28/04
- Previous message: Brian S. Bergin: "Some Symantec AV engines don't catch re-encoded viruses/worms"
- Next in thread: Chad Myers: "Re: IWAP_WWW account showing up on XP boxes, not just IIS?"
- Reply: Chad Myers: "Re: IWAP_WWW account showing up on XP boxes, not just IIS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jun 2004 12:07:44 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Do a google on IWAP_WWW, seems there are XP users discovering this account on their PCs suddenly in the last few days.
IWAM_WWW is a legit account (used by IIS in certain cfgs), but never heard of IWAP_WWW so we may be looking at an attempt to hide a malicious account using a slightly modified name of legit accounts. Could be legit, but more checking definitely needed....I'm leaning towards non-legit account.
J. Thomas
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----
- Previous message: Brian S. Bergin: "Some Symantec AV engines don't catch re-encoded viruses/worms"
- Next in thread: Chad Myers: "Re: IWAP_WWW account showing up on XP boxes, not just IIS?"
- Reply: Chad Myers: "Re: IWAP_WWW account showing up on XP boxes, not just IIS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
