That
almost looks like one of the dummy user accounts that gets added as part of
IIS. I see a couple of these on one win2k server that I
maintain:
"IWAM_<hostname>" (Launch IIS Process
Account)
"IUSER_<hostname>" (Internet Guest
Account)
Luke
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 21, 2004 1:45 PM
To: [EMAIL PROTECTED]
Subject: Interesting Occurrence
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 21, 2004 1:45 PM
To: [EMAIL PROTECTED]
Subject: Interesting Occurrence
Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted is and called me. I had him ensure his critical updates we all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home.
I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues?
Regards,
Brent