[geeks] My new laptop came with spyware

Kurt Huhn kurt at k-huhn.com
Wed Jan 29 09:15:05 CST 2003


Gavin Hubbard <ghub005 at xtra.co.nz> wrote:
> Quite by accident I noticed that my laptop had automatically opened an
> https connection to www-3.boulder.ibm.com on TCP port 3145 this evening.
> Foundstone's fport utility reveals that the process that opened the port
> is c:\Program Files\Support.com\bin\tgcmd.exe and it is also listening to
> TCP port 641 and UDP ports 123 & 3131. 
> 

Eeeew!

> This process is running under the local administrator account and I know
> from my SANS training that tgcmd.exe is a fairly insidious remote control
> program (yes, spyware).
> 

Good God!  Local administrator??!!

> I don't know if I need a tinfoil hat - but WTF did IBM open a connection
> to spyware on my machine? This is just plain wrong.
> 

Hrm, bust out the tinfoil.  

Probably an app used to help out the IBM helpdesk if you ever call for
support on your system.  However, I would kill it, and delete it with
extreme prejudice.  The same app could be used by malicious people, or even
IBM (or some other group, like the RIAA) to implement some sort of digital
licensing enforcement for software or data that it deems is ill-gotten.  Say
bye-bye to your MP3s?

-- 
Kurt
kurt at k-huhn.com
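
An added example, not part of the original messages and not Foundstone's code: a small Python check that reads port-to-process output and reports every executable holding network ports from outside a trusted directory. It assumes the input follows fport's `Pid  Process -> Port  Proto  Path` column layout. The PIDs, the `System` and `svchost` rows and the `TRUSTED_DIRS` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed fport column layout. PIDs are invented;
# the tgcmd.exe path and its ports are the ones reported in the message above.
SAMPLE = r"""
Pid   Process            Port  Proto Path
8     System         ->  139   TCP
392   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
1160  tgcmd          ->  641   TCP   c:\Program Files\Support.com\bin\tgcmd.exe
1160  tgcmd          ->  3145  TCP   c:\Program Files\Support.com\bin\tgcmd.exe
1160  tgcmd          ->  123   UDP   c:\Program Files\Support.com\bin\tgcmd.exe
1160  tgcmd          ->  3131  UDP   c:\Program Files\Support.com\bin\tgcmd.exe
"""

# One row: pid, process name, "->", port, protocol, optional image path.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

# Assumption: directories the machine's owner expects services to run from.
TRUSTED_DIRS = (r"c:\winnt\system32" + "\\",)


def parse(text):
    """Return (pid, name, port, proto, path) tuples; banner/header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, name, port, proto, path = m.groups()
            rows.append((int(pid), name, int(port), proto, path.strip()))
    return rows


def unexpected(rows, trusted=TRUSTED_DIRS):
    """Map each image path outside the trusted directories to its sorted (proto, port) list."""
    found = defaultdict(set)
    for pid, name, port, proto, path in rows:
        if not path:  # rows with no image path (e.g. System) cannot be judged by path
            continue
        if not path.lower().startswith(trusted):  # Windows paths are case-insensitive
            found[path].add((proto, port))
    return {p: sorted(s) for p, s in found.items()}


if __name__ == "__main__":
    for path, ports in unexpected(parse(SAMPLE)).items():
        print(path, ports)
```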

