Security Incidents: ANOTHER possible Windows problem?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

ANOTHER possible Windows problem?

From: David Bernick <bernz () bernztech org>
Date: Fri, 20 Jul 2001 16:15:21 -0400

At around 3pm EST all of the Windows 98 boxes at my company suddenlyturned their proxy settings on (we don't use a proxy) and set theirproxy server to: cache.mycompany.com (substitute mycompany with the nameof mycompany) and port 3128.

Now i know port 3128 is a Squid proxy port, so i guess that makes sense,but has anyone ever seen anything like this before? the few win2k boxesare fine, as are the linux boxes. Is there a trojan or something likethat where the payload changes proxy settings?


or is it something else entirely?

thanks!

dave



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see:


http://aris.securityfocus.com

By Date By Thread

Current thread:

ANOTHER possible Windows problem? David Bernick (Jul 21)
- Re: ANOTHER possible Windows problem? Kris Carlier (Jul 22)
- RE: ANOTHER possible Windows problem? Sander de Rijk (Jul 22)
- Guess this is a hack attemp Gareth Hastings (Jul 22)
  - RE: Guess this is a hack attemp Chip McClure (Jul 22)
  - Re: Guess this is a hack attemp Alvin Oga (Jul 22)