Network Security Incidents

RE: Odd typing in MSWord

Subject: RE: Odd typing in MSWord
Date: Fri, 4 Mar 2005 13:44:38 -0500
comply.ini could be from ISS's BlackICE product. Is that installed on the
machine?


-----Original Message-----
From: Federated Information Security
[mailto:FederatedInformationSecurity@federatedinv.com]
Sent: Friday, March 04, 2005 9:50 AM
To: incidents@securityfocus.com
Subject: Odd typing in MSWord


I ran across something rather odd today I'm hoping someone might have
thoughts on.  One of my users had their XP SP1 laptop on the corporate
network and was editing a Word document with Office 2002.  They pasted
something in a table, and it looked like someone started typing in their
document.  It was slow, typical typing speed, and lasted for about 10
minutes (I actually got a chance to see it).  The text was nonsense
words, like the kind you often see in spam nowadays.

The machine's fully patched, up-to-date anti-virus and a personal
firewall.  Don't see any signs of spyware, nothing in the registry.  I
checked all the files modified today hoping to find a keylogger or
something similar, and the only thing I found was a seemingly encrypted
file on the root of c:\ called "comply.ini", which isn't normal for our
config, but may not be related.  IE was open at the time this happened.
I issued a netstat -a command while the typing was going on, but all the
connections were legit--domain controller, file & print servers.  I
checked the running processes and everything seemed pretty typical,
although I hit

Anyone run across anything similar lately, or have any suggestions?

Thanks!
sid
