[geeks] My new laptop came with spyware

Gavin Hubbard ghub005 at xtra.co.nz
Wed Jan 29 03:58:28 CST 2003


Hi Lads

I am a little disturbed. My new Thinkpad x30 (no stuck red pixels this time, god bless em) has come from IBM with spyware installed as part of the base Windows XP build.

Quite by accident I noticed that my laptop had automatically opened an https connection to www-3.boulder.ibm.com on TCP port 3145 this evening. Foundstone's fport utility reveals that the process that opened the port is c:\Program Files\Support.com\bin\tgcmd.exe and it is also listening to TCP port 641 and UDP ports 123 & 3131. 

This process is running under the local administrator account and I know from my SANS training that tgcmd.exe is a fairly insidious remote control program (yes, spyware).

I don't know if I need a tinfoil hat - but WTF did IBM open a connection to spyware on my machine? This is just plain wrong.

Regards,

Gavin

