Security Incidents mailing list archives

Re: Weird Windows logon attempts

From: Russell Fulton <r.fulton () auckland ac nz>
Date: 26 Feb 2003 12:14:56 +1300

On Tue, 2003-02-25 at 00:38, H C wrote:

Harry,

Have you gone back to the boxes and retrieved the
actual EventLog entries?  There's some info missing
from the syslog entry below that may be useful.


Hi, I'll respond for Harry who is bogged down with other things at the
moment.

It turned out that we had several machine infected with SoBig, sigh...
All our machines are supposed to have up to date AV software but with
1000s of machines some get missed.

Thanks to all who responded with advice.

Cheers, Russell.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Weird Windows logon attempts Harry Hoffman (Feb 23)
- Re: Weird Windows logon attempts Jacco Tunnissen (Feb 24)
- Re: Weird Windows logon attempts H C (Feb 25)
  - Re: Weird Windows logon attempts Russell Fulton (Feb 26)
    - RE: Weird Windows logon attempts Mary McAllister (Feb 26)
- <Possible follow-ups>
- Re: Weird Windows logon attempts Bojan Zdrnja (Feb 24)
- RE: Weird Windows logon attempts Terence Runge (Feb 24)