Security Incidents mailing list archives
strange windows behaviour.
From: Peter Moody <peter () ucsc edu>
Date: Mon, 06 Oct 2003 13:05:13 -0700
Hello all, I've got a bit of a problem, and I was wondering if anyone on this list has seen similar things. Recently, we've been having student windows machines on our residential network begin spewing large, massive (on the order of hundreds of thousands in a few hours) spam messages at our mail servers. We promptly disconnect the machines and head down to do some forensic work on the boxes when we get a chance (usually after they call to complain that the internet has died). I've been trying to find information on this, but the most I've been able to come up with is an advisory from symantec's threat management system saying Mprox (some sort of MS proxy) is to blame. None of the machines I've gone and examined have had this program running or on the system anywhere for that matter. Has anyone else had similar problems of late? This all started for us about a week ago and it's showing no signs of going away any time soon. Thanks. -Peter -- Peter Moody <peter () ucsc edu> Information Security Administrator 831/459.5409 Communications and Technology Services. http://mustard.ucsc.edu/pubkey UC, Santa Cruz. :wq
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- strange windows behaviour. Peter Moody (Oct 07)
- Re: strange windows behaviour. John Sage (Oct 07)
- Re: strange windows behaviour. Jeff Kell (Oct 08)
- Re: strange windows behaviour. Magosányi Árpád (Oct 09)
- Re: strange windows behaviour. Brian Eckman (Oct 08)
- Re: strange windows behaviour. Fabio Panigatti (Oct 10)
- Re: strange windows behaviour. J Mike Rollins (Oct 10)
- Re: strange windows behaviour. Tomasz Papszun (Oct 10)
- Re: strange windows behaviour. Jeff Kell (Oct 08)
- Re: strange windows behaviour. John Sage (Oct 07)
- <Possible follow-ups>
- Re: strange windows behaviour. H Carvey (Oct 08)
- Re: strange windows behaviour. Peter Moody (Oct 08)