Interesting Occurrence
Luke Starrett
lstarrett at nc.rr.com
Mon Jun 21 17:55:55 UTC 2004
That almost looks like one of the dummy user accounts that gets added as
part of IIS. I see a couple of these on one win2k server that I maintain:
"IWAM_<hostname>" (Launch IIS Process Account)
"IUSER_<hostname>" (Internet Guest Account)
Luke
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Brent_OKeeffe at asc.aon.com
Sent: Monday, June 21, 2004 1:45 PM
To: nanog at merit.edu
Subject: Interesting Occurrence
Okay... Here is a new one for me. Got a call from my dad saying he left his
PC on last night connected to his broadband. He went to log in this morning
and noticed a new ID in his user list - IWAP_WWW. He immediately deleted is
and called me. I had him ensure his critical updates we all applied - they
were. I had him ensure his antivirus was up to date - it was (Norton
Antivirus 2004). He is running XP Home.
I searched the antivirus sites and elsewhere for references. Any idea if
there is a new vulnerability that has not been publicly released? Any
clues?
Regards,
Brent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040621/a032955c/attachment.html>
More information about the NANOG
mailing list