Survey.exe

["Ken Fox" <kenfox () starlinx com>]

        Folks --        

        Anyone running an NT box seen a program called Survey.exe in thier task manager window? This puppy was sucking 
up 100% of  the CPU ...   I hadn't recalled ruinning anything that would generate such a program ; however, I was 
online at Microsoft's web site at the time (patches / downloads / etc) ... when I killed the process (not a terribly 
smart idea in WIndows, I noticed aa red Icon dropped out of the systray, kinda looked like a wizard or a mutated AOL 
icon) Assuming this is a hacker poking around , has anyone seen this before. Specifically, I killed him rather than let 
him play -- OTOH I am planning on a dedicated hook-up with a firewall rather than Dial up ... (turns out I moved in to 
an area with 7.1Meg ADSL available.... 

         I hadn''t gotten to installing / downloading BOF yet (it is now) -- Specifically though, if anyone has seen 
this program before, what ports & so forth is it using and therefore what would we look for in a IDS or block with a 
firewall?

        I searched bugtraq for survey.exe under the assumption that it was malicious and/or had been seen before.

Thanks< ken