|Spike 31 Aug thru early September 2005 probably due to remotely
exploitable login username buffer overflow in DameWare Mini
Remote Control Client Agent Service (dwrcs.exe):
Reported to affect 4.0 thru, but not including, 4.9.0.
Various versions of this agent are often surreptitiously
installed by malware as a backdoor, so random scanning may
turn up more installations than might otherwise be expected.
|There is at least one known buffer overflow vulnerability in versions prior to 3.73. This vulnerability may permit an unauthenticated attacker to execute code on your system.
|I have also seen quite a few successful entries via this port from DameWare mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection.
|Probably related to http://www.securiteam.com/windowsntfocus/6N00B1P95I.html
I've seen multiple successful intrusions via this service today.
|Davis Ray Sickmon, Jr
|Normally associated with DameWare and DameWare mini-RC, a remote control agent.