North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Interesting Occurrence

  • From: Luke Starrett
  • Date: Mon Jun 21 14:01:42 2004
Title: Message
That almost looks like one of the dummy user accounts that gets added as part of IIS.  I see a couple of these on one win2k server that I maintain:
 
"IWAM_<hostname>" (Launch IIS Process Account)
 
"IUSER_<hostname>" (Internet Guest Account)
 
Luke
 
 
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, June 21, 2004 1:45 PM
To: [email protected]
Subject: Interesting Occurrence


Okay... Here is a new one for me.  Got a call from my dad saying he left his PC on last night connected to his broadband.  He went to log in this morning and noticed a new ID in his user list - IWAP_WWW.  He immediately deleted is and called me.  I had him ensure his critical updates we all applied - they were.  I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004).  He is running XP Home.

I searched the antivirus sites and elsewhere for references.  Any idea if there is a new vulnerability that has not been publicly released?  Any clues?

Regards,
Brent