Re: netbuie.exe, scorpionsearch.com and fastcounter.bcentral.com

["Rainer Duffner" <rainer () ultra-secure de>]

Edwards, David  (JTS) writes: 

> Hi, 
>
> > -----Original Message-----
> > From: Nick FitzGerald [mailto:nick () virus-l demon co uk]
> > If they don't, you clearly need to revise your site's judgments about 
> > who is worthy of having admin (equivalent) passwords.
>
> Hmmm, who rattled your chain..  Are you saying that the
> only way this incident could have happened is if one of 
> our administrators stuffed up?

An educated guess would be someone with admin-rights surfing warez & 
p0rn-sites and "infecting" himself through the automatic installation of
said trojan via a IE-feature or vulnerability (or social engineering). 

People in Germany are often plagued by this, but here, the programs change 
the default ISP-number in Windoze to a number that is subject to varying 
arbitrary charges and thus resulting in horrendous phone bills. 



cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com