-----Original Message-----
From: John Sage [mailto:jsage () finchhaven com]
Sent: Tuesday, October 07, 2003 10:04 AM
To: Peter Moody
Cc: incidents () securityfocus com
Subject: Re: strange windows behaviour.
Peter:
On Mon, Oct 06, 2003 at 01:05:13PM -0700, Peter Moody wrote:
Hello all,
I've got a bit of a problem, and I was wondering if anyone on this list has seen similar things. Recently, we've been having student Windows machines on our residential network begin spewing large, massive (on the order of hundreds of thousands in a few hours) spam messages at our mail servers. We promptly disconnect the machines and head down to do some forensic work on the boxes when we get a chance (usually after they call to complain that the internet has died).
I've been trying to find information on this, but the most I've been able to come up with is an advisory from Symantec's threat management system saying Mprox (some sort of MS proxy) is to blame. None of the machines I've gone and examined have had this program running or on the system anywhere for that matter.
Has anyone else had similar problems of late? This all started for us about a week ago and it's showing no signs of going away any time soon.
You may be interested in this 09/06/03 post to the UNISOG maillist (unisog () sans org):
/* begin post fragment */
From: Paul Russell <prussell () nd edu>
To: unisog () sans org
Subject: [unisog] Spam from student-owned computers
Date: Mon, 06 Oct 2003 15:51:12 -0500
In the past ten days, we have had five incidents in which student-owned computers in our residence hall network (ResNet) were used to send large quantities of spam. I have seen similar reports from other sites, so I thought some of you might be interested in our experience. Appended below are the case notes from one of these incidents. The report has been edited to remove all personal identification information. The analysis of the student's workstation was performed by a member of our Information Security team.
--
Paul Russell
Senior Systems Administrator
University of Notre Dame