RE: Virus is getting domain account listing

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 05/10/04

Next message: travis.alexander_at_lacamas.org: "RE: Virus is getting domain account listing"

Previous message: Ronda Allen: "Re: Virus is getting domain account listing"
Maybe in reply to: David Carlin: "Virus is getting domain account listing"
Next in thread: Levinson, Karl: "RE: Virus is getting domain account listing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 10 May 2004 12:48:51 -0700 (PDT)
To: focus-ms@securityfocus.com

Michael,

> I have seen this strange thing today too, i got
> called up by a customer because they could'n logon.
> I havent been able to find anything so far as to who
> is to blame ...Mainly because of the issue appeared
> to have taken plase sometime last friday/thursday,
> and the logs recycle.

Are the audit log settings set to the defaults? If
so, have you (or your customer...the actual
relationship and who's responsible for what isn't
clear) modified these settings, so that if this
happens again, you'll see the entries?

> I have tried several AV products and worm catchers,
> no effect -

I'm not entirely clear on what you mean. If you don't
know from which workstations the failed logon attempts
originated, then on what systems were you running the
AV products? Also, AV products can be notoriously bad
at finding things, particularly if they don't already
have a signature for the malware you're looking for.

Of course, you may be looking at an errant application
or service account, not malware.

> it would be nice to find out EXACTLY how
> the volnarability is used, and if it is via program
> "or" virus/worm.

What "volnarability" [sp] are you referring to?

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: travis.alexander_at_lacamas.org: "RE: Virus is getting domain account listing"

Previous message: Ronda Allen: "Re: Virus is getting domain account listing"
Maybe in reply to: David Carlin: "Virus is getting domain account listing"
Next in thread: Levinson, Karl: "RE: Virus is getting domain account listing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: MS Windows updates
... Frank-FL wrote: ... Unlikely anymore than on the average one protected with a password for user ... The password for logon is not going to prevent malware from installing on a ... Malware usually gets on a system due to the end user ...
(microsoft.public.windowsxp.general)
Re: windows sbs 2000 Logon - logoff loop
... i fix it and now i can logon in the server without ... Malware on the Server? ...
(microsoft.public.backoffice.smallbiz2000)