Educause Security Discussion mailing list archives
Backup Exec Agent Browser Exploit
From: Jim Bollinger <JBollinger () WLU EDU>
Date: Wed, 12 Jan 2005 09:34:57 -0500

Last night we were hit by a buffer overrun exploit on the Veritas Backup Exec Agent Browser service. At least one of the servers, a Windows 2003 Server running BE 9.1, appears to have been compromised by something which is using Hacker Defender as a stealth aid. The Symantec AV is killing a file called C:\WINDOWS\SYSTEM32\trkupd.sys, which it says is Backdoor.HackerDefender.

I have seen what little there is on Symantec's website and done some obvious Google searches. I can already hear the chorus of "rebuild the machine" coming. The reason I am hesitant to do that is that regardless of what migration strategy I take, there will need to be a large effort to both reconfigure the box and recover the backup catalogs.

Does anyone have experience with Hacker Defender removal?

Thanks,
Jim

Jim Bollinger
Systems and Network Engineer
Washington and Lee University
Lexington, VA 24450
540-458-8743