Security Incidents mailing list archives
RE: Dameware Malcode? Is anyone aware of it?
From: John Costa <johnccosta () yahoo ca>
Date: Thu, 5 Jun 2003 22:30:43 -0400 (EDT)
Thanks to all for the replies/feedback. Anyway, if anyone has recently experienced any issues related to Dameware or Dameware malcode, whatever you want to call it, please share with the List.

The issue that I experienced was with a Windows 2000 desktop which was taken over a couple of days ago. When the admin called me to investigate I immediately noticed something strange, including the mouse pointer moving on its own.

Anyway, I learned that Dameware can install itself; all the attacker needs is access to port 139 or 445 and an administrator account with a weak password. The affected Windows machine was a test machine which had a default password and userID and didn't have a personal firewall installed. That was the perfect environment for the malicious individual to install the Dameware backdoor.

--- Gerald Cody Bunch <gbunch () gmx net> wrote:
> While it is entirely possible that there is a Trojan of sorts that may use this as a payload, it has been my experience that Dameware NT Utilities is pretty kosher.
>
> The Dameware NT Utilities Suite of applications (http://www.dameware.com/) includes a feature to force install the mini-remote control client onto a desktop machine; however, the user performing the remote install must already have local administrative rights to the computer to receive the remote control client.
>
> It is my understanding that the authentication that this package uses also requires a user name and password of sorts on the remote system.
>
> Check http://www.dameware.com/ for any further questions.
>
> Thanks,
> Gerald Cody Bunch
> gbunch () gmx net
>
> -----Original Message-----
> From: John [mailto:johnccosta () yahoo ca]
> Sent: Wednesday, June 04, 2003 2:32 PM
> To: incidents () securityfocus com
> Subject: Dameware Malcode? Is anyone aware of it?
>
> Is anyone aware of the existence of Dameware malcode that makes use of Dameware mini-remote control to provide an attacker with backdoor access to systems?
>
> Thanks
> John
=====
J. C. Costa
Current thread:
- Dameware Malcode? Is anyone aware of it? John (Jun 05)
- Re: Dameware Malcode? Is anyone aware of it? morning_wood (Jun 06)
- Re: Dameware Malcode? Is anyone aware of it? John Ives (Jun 06)
- Re: Dameware Malcode? Is anyone aware of it? Nick Jacobsen (Jun 06)
- <Possible follow-ups>
- RE: Dameware Malcode? Is anyone aware of it? Flory D Jeffrey Contractor 59MDSS/MSISI (Jun 06)
- RE: Dameware Malcode? Is anyone aware of it? John Costa (Jun 06)
- RE: Dameware Malcode? Is anyone aware of it? John Costa (Jun 09)
