[unisog] Mysterious appearance of Backdoor.RA on Win2K machines

Stephen W. Thompson thompson at pobox.upenn.edu
Thu Dec 6 21:09:17 GMT 2001


Rita,

> This week, two different departments here reported discovering Backdoor.RA,
> a component of the package Remote Anything, running on a Windows 2000 system
> without having been installed by the responsible parties.  Both machines are
[snip]

What drew attention to the machines initially?  A group here had an
NT4 box which unexpectedly was missing many files normally found on a
healthy install.  Little investigation could be done before the group
reformatted and started over.  Probably unrelated, but...

En paz,
Steve, Security analyst
-- 
Stephen W. Thompson, UPenn, ISC Information Security, 215-898-1236, WWW has PGP
thompson at isc.upenn.edu    URL=http://pobox.upenn.edu/~thompson/index.html
  For security matters, use security at isc.upenn.edu, read by InfoSec staff
   * OPEN LETTER: http://pobox.upenn.edu/~thompson/considered-war.html *


