Security Incidents mailing list archives
RE: Odd typing in MSWord
From: Felix.Simmons () edwardjones com
Date: Fri, 04 Mar 2005 13:22:37 -0600
There could be a few possible reasons for your ghost typing. One, did you check the document for macros? Two have you looked into any rootkit checking tools? Three, Did you hang a sniffer off a machine that could sniff the traffic of the workstation in question without actually having to put the sniffer on the workstation. When you do any analysis from the workstation you have to take anything you see with a grain of salt, as in the example of rootkits an attacker could hide processes, connections, files, basically anything they don't want you to see. I would say hang a sniffer off the machine and watch it, or when in doubt rebuild. -Felix -----Original Message----- From: FederatedInformationSecurity [mailto:FederatedInformationSecurity () federatedinv com] Sent: Friday, March 04, 2005 8:50 AM To: incidents Subject: Odd typing in MSWord I ran across something rather odd today I'm hoping someone might have thoughts on. One of my users had their XP SP1 laptop on the corporate network and was editing a Word document with office 2002. They pasted something in a table, and it looked like someone started typing in their document. It was slow, typical typing speed, and lasted for about 10 minutes (I actually got a chance to see it). The text was nonsense words, like the kind you often see in spam nowadays. The machine's fully patched, up-to-date anti-virus and a personal firewall. Don't see any signs of spyware, nothing in the registry. I checked all the files modified today hoping to find a keylogger or something similar, and the only thing I found was a seemingly encrypted file on the root of c:\ called "comply.ini", which isn't normal for our config, but may not be related. IE was open at the time this happened. I issued a netstat -a command while the typing was going on, but all the connections were legit--domain controller, file & print servers. I checked the running processes and everything seemed pretty typical, although I hit Anyone run across anything similar lately, or have any suggestions? Thanks! sid
Current thread:
- Odd typing in MSWord Federated Information Security (Mar 04)
- Re: Odd typing in MSWord Jeff Garrett (Mar 04)
- RE: Odd typing in MSWord Tom Baker (Mar 04)
- Re: Odd typing in MSWord Randy (Mar 04)
- Re: Odd typing in MSWord Jay D. Dyson (Mar 04)
- Re: Odd typing in MSWord Deborah McMahon (Mar 04)
- <Possible follow-ups>
- RE: Odd typing in MSWord Felix . Simmons (Mar 04)
- RE: Odd typing in MSWord Rubin, Benjamin (Mar 04)
- RE: Odd typing in MSWord Federated Information Security (Mar 04)
- Re: Odd typing in MSWord Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Mar 07)