[geeks] Re: Re: My new laptop came with spyware

Gavin Hubbard ghub005 at xtra.co.nz
Wed Jan 29 05:09:47 CST 2003


That sounds like a very good plan. I just didn't expect this to happen from IBM.

My laptop has none of my $data on the WinXP filesystem except for some .iso files that I mount in VMware (my laptop has no CDROM). I always put anything of value into VMware virtual machines so I can back them up easily and/or transfer them to a virtualiser on another machine when required.

Regards,

Gavin


> *shrug*
> 
> Delete it.  The first thing I do when I get a machine with preinstalled
> software is to wipe the hard drive.
> 
> Peace...  Sridhar
> 
> On Wed, 29 Jan 2003, Gavin Hubbard wrote:
> 
> > Hi Lads
> >
> > I am a little disturbed. My new Thinkpad x30 (no stuck red pixels this time, god bless em) has come from IBM with spyware installed as part of the base Windows XP build.
> >
> > Quite by accident I noticed that my laptop had automatically opened an https connection to www-3.boulder.ibm.com on TCP port 3145 this evening. Foundstone's fport utility reveals that the process that opened the port is c:\Program Files\Support.com\bin\tgcmd.exe and it is also listening to TCP port 641 and UDP ports 123 & 3131.
> >
> > This process is running under the local administrator account and I know from my SANS training that tgcmd.exe is a fairly insidious remote control program (yes, spyware).
> >
> > I don't know if I need a tinfoil hat - but WTF did IBM open a connection to spyware on my machine? This is just plain wrong.
> >
> > Regards,
> >
> > Gavin