Security Incidents mailing list archives

Odd Shares showing up on workstations


From: J Jewitt <jjewitt2001 () yahoo com>
Date: Thu, 16 Jan 2003 08:02:11 -0800 (PST)


  I'm seeing some strange activity, maybe someone can
help.

  Windows 2000 workstations (the norm here) are
getting their C and D drives shared, full control to
everyone.

  The systems have current antivirus.

  The odd thing is the sharenames. The share name is
the drive letter --C or D-- with a computer name of a
DIFFERENT computer in our enterprise appended.
  The problem spans at least two domains that we have
seen.

  These systems are all on a private network with a
well-run firewall ruleset.
     
  So if you look at a system showing these
characteristics, you'll see a list of shares that look
like:

|-|VICTIM
          |+|CSYSTEMNAME1
          |+|CSYSTEMNAME2
          |+|DSYSTEMNAME1
          |+|DSYSTEMNAME2

  So far, it appears it may be an admin script gone
awry, but no one has admitted to it. So, if anyone has
seen a worm like this please let me know.

      thanks in advance,
           J Jewitt
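
Added example, not part of the original post: one way to triage a workstation for the pattern described above, by flagging shares named with a drive letter plus another machine's name that expose the root of that drive. The `net share` text, the host inventory and the function name are constructed for illustration. It assumes share names short enough that `net share` prints name and path on one line.

```python
import re

# Constructed sample: `net share` output from a host named VICTIM
# (built for this example, not taken from the original post).
SAMPLE_NET_SHARE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINNT                        Remote Admin
CSYSTEMNAME1 C:\\
DSYSTEMNAME2 D:\\
Docs         D:\\Docs                         Team documents
The command completed successfully.
"""

# Hypothetical inventory of computer names in the enterprise.
KNOWN_HOSTS = {"VICTIM", "SYSTEMNAME1", "SYSTEMNAME2"}

# A share row: name, whitespace, then a local path starting with a drive letter.
ROW = re.compile(r"^(?P<name>\S+)\s+(?P<path>[A-Za-z]:\\\S*)")


def suspicious_shares(net_share_output, local_host, known_hosts):
    """Return (share, path, foreign_host) for shares named
    <drive letter><name of another host> that expose that drive's root."""
    others = {h.upper() for h in known_hosts} - {local_host.upper()}
    hits = []
    for line in net_share_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, pathless share (IPC$) or status line
        name, path = m.group("name").upper(), m.group("path").upper()
        letter, suffix = name[0], name[1:]
        # Match only when the suffix is a different machine's name and the
        # share maps to the root of the drive named by the first letter.
        if suffix in others and path == letter + ":\\":
            hits.append((name, path, suffix))
    return hits


if __name__ == "__main__":
    for share, path, host in suspicious_shares(SAMPLE_NET_SHARE, "VICTIM", KNOWN_HOSTS):
        print(f"{share} -> {path} (named after {host})")
```
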

