[geeks] My new laptop came with spyware
David Selders
david at malleable.org
Wed Jan 29 09:51:54 CST 2003
On Wed, Jan 29, 2003 at 10:58:28PM +1300, Gavin Hubbard wrote:
> Hi Lads
>
> I am a little disturbed. My new Thinkpad x30 (no stuck red pixels this time, god bless em) has come from IBM with spyware installed as part of the base Windows XP build.
>
> Quite by accident I noticed that my laptop had automatically opened an https connection to www-3.boulder.ibm.com on TCP port 3145 this evening. Foundstone's fport utility reveals that the process that opened the port is c:\Program Files\Support.com\bin\tgcmd.exe and it is also listening to TCP port 641 and UDP ports 123 & 3131.
>
> This process is running under the local administrator account and I know from my SANS training that tgcmd.exe is a fairly insidious remote control program (yes, spyware).
>
> I don't know if I need a tinfoil hat - but WTF did IBM open a connection to spyware on my machine? This is just plain wrong.
>
> Regards,
>
> Gavin
> _______________________________________________
> GEEKS: http://www.sunhelp.org/mailman/listinfo/geeks
If I am not mistaken, TCP port 3145 is RDP/Terminal Services. I personally
would wipe the drive and do a clean install of XP or whatever you plan to
run. I never run a machine as delivered from a manufacturer. I can't stand
all the stupid little programs they install to "help" me out with my new
pc/laptop.
--
David Selders
david at malleable.org
Martinez, Ca