Dameware attack...

Printable View

December 28th, 2002, 09:12 PM
jbomber

Dameware attack...

Hi,

I'm new here but been browsing.
Right now I'm an IS-assistant at my college. Just the other day, one of my co-worker's computer got hacked into. The hacker was using dameware software, a software that, I believe, uses a similar remote desktop connection that XP has. The ignorant hacker opened up MS WORD and typed..."I'm gonna kill you" ..."Watch your back." This led me to learn more about this software.

I did a little research on the software and actually downloaded it for testing also. I tried to enter one of my co-worker's computer and her computer required log-in and password.

FIY: All of us are in the same network.

Now my question to you guys is "How did he get bypass the log-in and password?"

Please help. I need to learn how to tighten the security and I need to learn how he got through so I can prevent it.

Thanks for any help or suggestions and sorry for the long post.
December 28th, 2002, 09:17 PM
Spyder32

This sound's like a trojan, and sometimes trojans use passwords for specific servers, but still that's weird. If you mean how he got in the computer to begin with, and then installed the trojan, perhaps the user (your co-worker) was using a weak password? Try to tell your co-workers to use strong, long, and hard-to-crack passwords instead of a weak one.
December 28th, 2002, 09:39 PM
THEJRC

it is most likely that your hacker is internal yes.... and the most probable way that he exploited the machine is a bit funny.

Ten to one your attacker either walked by while the machine was logged on and the screen was not locked, or used one of the other priveledged accounts on the machine... The way NT/2K/XP has done user management has always scared me because it makes it all too easy to give everyone full access and makes it quite hard to lock priveledges down when one needs to be sure users have full access to certain programs.

and while user friendliness is nice, it sometimes sacrifices functionality.... check your groups, be sure everyone is where they should be, remove any user accounts not needed on the system, and be sure to lock or log out of your workstations when leaving your desk.