
""A floor manager responsible for production asked me to fix his PC, which was so slow he could literally make a coffee in the time between double-clicking an icon and having the program open," Parker told On Call. The manager's PC was only a year old and ran Windows XP, a combo that at the time of this tale should have made for decent performance."
"A quick investigation found many malicious programs installed on the PC, plus an unauthorized local account called "offtime." Parker considered the manager a friend, knew he was a straight shooter, and could not imagine he had anything to do with this mess. Log files confirmed Parker's theory: Whoever installed the malicious software did it between 8pm and 4am, well outside the manager's 9am to 5pm routine."
""My first suspicion was a remote hack, but the firewall logs showed nothing connecting to that machine other than HTTP/HTTPS traffic," Parker told On Call. With the manager's permission, he therefore removed the unauthorized programs and installed a monitoring tool that took a screenshot of the PC's display every five minutes. Critically, Parker left the "offtime" account in place. The next morning, Parker found a stack of screenshots, plenty of them using the "offtime" account to visit a dating site."
A floor manager's PC running Windows XP was severely slowed by multiple malicious programs and an unauthorized local account named "offtime". Log files showed the malicious software was installed between 8pm and 4am, outside the manager's normal 9am–5pm hours. Firewall logs recorded only HTTP/HTTPS traffic, ruling out remote intrusion via other ports. A monitoring tool captured screenshots every five minutes, showing the "offtime" account accessing a dating site with the username "RedVette". The evidence linked the activity to a midnight-shift mechanic who owned a red Corvette and who spent around four hours using the manager's computer.
Read at Theregister