Mysterious appearance of Backdoor.RA on Win2K machines

Rita Seplowitz Saltz rita at Princeton.EDU
Thu Dec 6 20:31:23 GMT 2001


Hello.

This week, two different departments here reported discovering Backdoor.RA,
a component of the package Remote Anything, running on a Windows 2000 system
without having been installed by the responsible parties.  Both machines are
physically secured, and those with access have disclaimed responsibility for
installing the item.  In each case, the presence of Backdoor.RA was
discovered when, exploring problems with the machine, the user scanned the
Task Manager list and noted a process called Slave.exe running.

It appears that the instances were remote installs.  Anyone know of an
exploit or apres-virus vulnerability which involves remote installation of
Backdoor.RA?

Thanks for your attention and responses.

Rita Saltz
Policy and Security Advisor
Office of Information Technology (OIT)
Princeton University
rita at princeton.edu



More information about the unisog mailing list