Security Incidents mailing list archives

RE: ANOTHER possible Windows problem?


From: "Sander de Rijk" <s.derijk () cti-solutions nl>
Date: Sun, 22 Jul 2001 20:53:50 +0200

Well, 3128 is also the proxy port of Winroute.

Besides that, there is Sub7. This trojan lets someone control
your PC remotely. They can do anything on your machine that
you could also do. But Sub7 does nothing when not controlled,
so I assume your firewall takes care of that.

Besides that, I can't understand why there should be a trojan
that changes the proxy settings of a PC.

Do you have a cache.mycompany.com? It could also be a bug
in the auto-detect proxy settings of Win98.

Greetz,
Sander


-----Original Message-----
From: David Bernick [mailto:bernz () bernztech org] 
Sent: Friday, July 20, 2001 10:15 PM
To: incidents () securityfocus com
Subject: ANOTHER possible Windows problem?


At around 3pm EST all of the Windows 98 boxes at my company suddenly
turned their proxy settings on (we don't use a proxy) and set their
proxy server to: cache.mycompany.com (substitute mycompany with the name
of mycompany) and port 3128.

Now I know port 3128 is a Squid proxy port, so I guess that makes sense,
but has anyone ever seen anything like this before? The few Win2k boxes
are fine, as are the Linux boxes. Is there a trojan or something like
that where the payload changes proxy settings?

Or is it something else entirely?

thanks!

dave



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com


