Sounds like a 'bot' to me. Those can do all the things you describe.
-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Loren LaLonde
Sent: Tuesday, December 20, 2005 11:03 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Windows Logon Type 2
Is there a VNC service installed on the workstation? Maybe a PcAnywhere
installation?
-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of David K McFarlane
Sent: Tuesday, December 20, 2005 11:01 AM
To: [log in to unmask]
Subject: [MSUNAG] Windows Logon Type 2
We have an intruder repeatedly breaking in to a main office
computer(deleting firewalls & antivirus, enabling telnet, installing pirated
movies, etc.). The most recent incident was Thursday night/Friday morning.
The Windows XP security log shows a logon type 2 early Friday morning. This
is supposed to mean a console logon, which would mean that the intruder was
in the office directly at the keyboard of the attacked computer, instead of
breaking in over the network.
Question: Is there any other way to get a logon type 2 in the security log?
Or let's take a poll: How many of you think that our intruder is coming in
the door, and how many think he is coming over the network?
-- David McFarlane
Systems Designer
Michigan State University, Dept. of Psychology
[log in to unmask]
|
