nanog mailing list archives

RE: Interesting Occurrence

From: "Luke Starrett" <lstarrett () nc rr com>
Date: Mon, 21 Jun 2004 13:55:55 -0400

That almost looks like one of the dummy user accounts that gets added as
part of IIS.  I see a couple of these on one win2k server that I maintain:
 
"IWAM_<hostname>" (Launch IIS Process Account)
 
"IUSER_<hostname>" (Internet Guest Account)
 
Luke
 
 
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Brent_OKeeffe () asc aon com
Sent: Monday, June 21, 2004 1:45 PM
To: nanog () merit edu
Subject: Interesting Occurrence




Okay... Here is a new one for me.  Got a call from my dad saying he left his
PC on last night connected to his broadband.  He went to log in this morning
and noticed a new ID in his user list - IWAP_WWW.  He immediately deleted is
and called me.  I had him ensure his critical updates we all applied - they
were.  I had him ensure his antivirus was up to date - it was (Norton
Antivirus 2004).  He is running XP Home. 

I searched the antivirus sites and elsewhere for references.  Any idea if
there is a new vulnerability that has not been publicly released?  Any
clues? 

Regards, 
Brent

Current thread:

Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Jeff Shultz (Jun 21)
- RE: Interesting Occurrence Luke Starrett (Jun 21)
  - RE: Interesting Occurrence Randy Bush (Jun 21)
- Re: Interesting Occurrence Richard A Steenbergen (Jun 21)
  - Re: Interesting Occurrence Christian Malo (Jun 21)
- Re: Interesting Occurrence John Kinsella (Jun 21)
- Message not available
  - Re: Interesting Occurrence Mike Tancsa (Jun 21)
- <Possible follow-ups>
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)