Firewall Wizards mailing list archives

Re: worm?

From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 1 Feb 2007 17:03:48 -0500

One of our support technician's machines is attempting to connect to

random IP addresses on port 25 - in

a pretty needy fashion. He says he's scanned the box with the latest

updates from McAffee and it hasn't

found anything.

We discovered it because one of my basic (meaning I got it off the
'Net) rules for SEC flagged it as a possible PHEL trojan.

Any thoughts?


I think your technician needs to try booting from trusted media and using
more than one type of scanner.  The only time we've ever had outbound SMTP
sweeps from a Windows workstation it was botted.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

worm? Brian Loe (Feb 01)
- Re: worm? Paul D. Robertson (Feb 01)
  - Re: worm? Francois Yang (Feb 01)
  - Re: worm? Julian M. Dragut (Feb 01)
- Re: worm? Paul Melson (Feb 01)
  - Re: worm? Brian Loe (Feb 01)
    - Re: worm? Paul D. Robertson (Feb 01)
    - Re: worm? Steven M. Bellovin (Feb 02)
    - Re: worm? Brian Loe (Feb 02)
    - Re: worm? Chris Myers (Feb 04)