It looks like it wasn't Remedy at least, it was "Performance Assurance for Microsoft Servers" (see below). But good to know if anyone is using this in their environment.
That Best1_user account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker Houston, Texas base BMC Software includes administrator-level user account called Best1_user. Jeff -----Original Message----- From: Jeff Lockemy [mailto:jlock...@gmail.com] Sent: Thursday, January 30, 2014 8:23 AM To: 'arslist@arslist.org' Subject: OT: Target Attack and BMC Software ITSM? This news article hit today... http://www.startribune.com/business/242688511.html It says that a default password in a BMC ITSM product may have contributed to the target attack. Jeff Jeff Lockemy Lead Engineer, NAVY 311 Enterprise Service Management PMW-240 ITIL V3 Foundation Certified QMX Support Services Inc. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
