Security Incidents mailing list archives
Re: Dameware Malcode? Is anyone aware of it?
From: John Ives <jives () cchem berkeley edu>
Date: Thu, 05 Jun 2003 09:43:58 -0700
At 06:31 PM 6/4/2003 +0000, John wrote:
Is anyone aware of the existence of Dameware malcode that makes use of Damaware mini-remote control to provide an attacker with backdoor access to systems?
I've never seen a piece of malware that used dameware, however I have found machines that had been compromised which had dameware. In fact we had a series of them last year. Being an educational institution we have few controls over any non-staff end users, so when I have found dameware (or most other breaches for that matter), they usually turned out to be boxes with poor/no passwords, default builds of IIS or some other easily compromised issue (and usually without logging turned on so I was left to best guess the cause).
John ------------------------------------------------- John Ives, GCWN Systems Administrator College of Chemistry (510) 643-1033"If you spend more on coffee than on IT security, Then you will be hacked. What's more, you deserve to be hacked." - Richard Clarke
Any opinions expressed are my own and not those of the Regents of the University of California.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Dameware Malcode? Is anyone aware of it? John (Jun 05)
- Re: Dameware Malcode? Is anyone aware of it? morning_wood (Jun 06)
- Re: Dameware Malcode? Is anyone aware of it? John Ives (Jun 06)
- Re: Dameware Malcode? Is anyone aware of it? Nick Jacobsen (Jun 06)
- <Possible follow-ups>
- RE: Dameware Malcode? Is anyone aware of it? Flory D Jeffrey Contractor 59MDSS/MSISI (Jun 06)
- RE: Dameware Malcode? Is anyone aware of it? John Costa (Jun 06)
- RE: Dameware Malcode? Is anyone aware of it? John Costa (Jun 09)