nanog mailing list archives

RE: Interesting Occurrence

From: Randy Bush <randy () psg com>
Date: Mon, 21 Jun 2004 14:06:24 -0400


you sent html as opposed to an email message.  as i do not use a web browser
to read mail, i can not read your message.  if you want me to read your
email, send email.

randy

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>

<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=613275217-21062004>That 
almost looks like one of the dummy user accounts that gets added as part of 
IIS.&nbsp; I see a couple of these on one win2k server that I 
maintain:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004>"IWAM_&lt;hostname&gt;" (Launch IIS Process 
Account)</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004>"IUSER_&lt;hostname&gt;" (Internet Guest 
Account)</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004>Luke</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN 
class=613275217-21062004></SPAN></FONT>&nbsp;</DIV>
<DIV></DIV>
<DIV><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> 
owner-nanog () merit edu [mailto:owner-nanog () merit edu] <B>On Behalf Of 
</B>Brent_OKeeffe () asc aon com<BR><B>Sent:</B> Monday, June 21, 2004 1:45 
PM<BR><B>To:</B> nanog () merit edu<BR><B>Subject:</B> Interesting 
Occurrence<BR><BR></DIV></FONT>
<BLOCKQUOTE 
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px"><BR><FONT 
  face=sans-serif size=2>Okay... Here is a new one for me. &nbsp;Got a call from 
  my dad saying he left his PC on last night connected to his broadband. 
  &nbsp;He went to log in this morning and noticed a new ID in his user list - 
  IWAP_WWW. &nbsp;He immediately deleted is and called me. &nbsp;I had him 
  ensure his critical updates we all applied - they were. &nbsp;I had him ensure 
  his antivirus was up to date - it was (Norton Antivirus 2004). &nbsp;He is 
  running XP Home.</FONT> <BR><BR><FONT face=sans-serif size=2>I searched the 
  antivirus sites and elsewhere for references. &nbsp;Any idea if there is a new 
  vulnerability that has not been publicly released? &nbsp;Any clues?</FONT> 
  <BR><BR><FONT face=sans-serif size=2>Regards,</FONT> <BR><FONT face=sans-serif 
  size=2>Brent</FONT> <BR></BLOCKQUOTE></BODY></HTML>

Current thread:

Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Jeff Shultz (Jun 21)
- RE: Interesting Occurrence Luke Starrett (Jun 21)
  - RE: Interesting Occurrence Randy Bush (Jun 21)
- Re: Interesting Occurrence Richard A Steenbergen (Jun 21)
  - Re: Interesting Occurrence Christian Malo (Jun 21)
- Re: Interesting Occurrence John Kinsella (Jun 21)
- Message not available
  - Re: Interesting Occurrence Mike Tancsa (Jun 21)
- <Possible follow-ups>
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)