<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=613275217-21062004>That
almost looks like one of the dummy user accounts that gets added as part of
IIS. I see a couple of these on one win2k server that I
maintain:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004>"IWAM_<hostname>" (Launch IIS Process
Account)</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004>"IUSER_<hostname>" (Internet Guest
Account)</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004>Luke</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=613275217-21062004></SPAN></FONT> </DIV>
<DIV></DIV>
<DIV><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] <B>On Behalf Of
</B>Brent_OKeeffe@asc.aon.com<BR><B>Sent:</B> Monday, June 21, 2004 1:45
PM<BR><B>To:</B> nanog@merit.edu<BR><B>Subject:</B> Interesting
Occurrence<BR><BR></DIV></FONT>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px"><BR><FONT
face=sans-serif size=2>Okay... Here is a new one for me. Got a call from
my dad saying he left his PC on last night connected to his broadband.
He went to log in this morning and noticed a new ID in his user list -
IWAP_WWW. He immediately deleted is and called me. I had him
ensure his critical updates we all applied - they were. I had him ensure
his antivirus was up to date - it was (Norton Antivirus 2004). He is
running XP Home.</FONT> <BR><BR><FONT face=sans-serif size=2>I searched the
antivirus sites and elsewhere for references. Any idea if there is a new
vulnerability that has not been publicly released? Any clues?</FONT>
<BR><BR><FONT face=sans-serif size=2>Regards,</FONT> <BR><FONT face=sans-serif
size=2>Brent</FONT> <BR></BLOCKQUOTE></BODY></HTML>