What is the weirdest/most interesting thing you've seen when performing an investigation of a Windows system?
I once was asked to look at a Win2K system with no auditing enabled, and a weak Admin password. The system was infested with spyware and malware...at least three Trojans were installed. I also found three additional Admin accounts...God, g0d and gawd. It looked to me as if one person had gotten in and created the first account (gee-oh-dee), then the second person got in and found the account he wanted to create already there, so he created his own variation...gee-zero-dee.
What about you?
2 comments:
I'm kinda disappointed that no one has responded to this yet bc it could generate some interesting stories. However, I'll post my two most interesting/weirdest discoveries.
I volunteered some security services for an auction at my daughters school and they were picked up by a number of people. One of them was a family who wanted me to look at their daughter's computer, which was acting slow. They wanted to know if I could help or if they needed to get a new computer.
After looking at it, I found over 500 pieces of evidence of spyware (this includes cookies - so really about 30-40 actual installed applications). These includes p0rn dialers, keystroke loggers and your usual assortment of adware and tracking programs.
Five hours later I had everything cleaned up on it and it was, not surprisingly, running much faster. (I would have normally re-installed but they could not find the install disks).
In another activity for that same auction, I looked at one gentleman's PC when he was home from college. He had a brand new XP system that had only been on the campus network for 1 semester. In the root of the C: were a number of files like "youve_been_hacked.txt" with descriptions telling the person that they had been compromised and how. Of course, their C drive was shared to the world and I found a number of backdoors on it. Apparently, academia hackers are helpful too. :)
I've come across some sizable porno collections and cookie tracks amongst cleaning various people's computers. Of course, they were right there when I found them.
Post a Comment