Security Incidents mailing list archives
Re: strange windows behaviour.
From: Derek <infosec_guy2003 () yahoo com>
Date: Tue, 7 Oct 2003 13:11:55 -0700 (PDT)
Spybot Search & Destroy is a good tool to use in addition to your AV scanner to seek out adware, spyware, and other obnoxious spewing stuff. Note that it may also nail Windows Media Player as spyware. [at http://www.safer-networking.org/]

Derek
-----Original Message-----
From: John Sage [mailto:jsage () finchhaven com]
Sent: Tuesday, October 07, 2003 10:04 AM
To: Peter Moody
Cc: incidents () securityfocus com
Subject: Re: strange windows behaviour.

Peter:

On Mon, Oct 06, 2003 at 01:05:13PM -0700, Peter Moody wrote:
> Hello all,
>
> I've got a bit of a problem, and I was wondering if anyone on this list has seen similar things. Recently, we've been having student windows machines on our residential network begin spewing large, massive (on the order of hundreds of thousands in a few hours) spam messages at our mail servers. We promptly disconnect the machines and head down to do some forensic work on the boxes when we get a chance (usually after they call to complain that the internet has died).
>
> I've been trying to find information on this, but the most I've been able to come up with is an advisory from symantec's threat management system saying Mprox (some sort of MS proxy) is to blame. None of the machines I've gone and examined have had this program running or on the system anywhere for that matter.
>
> Has anyone else had similar problems of late? This all started for us about a week ago and it's showing no signs of going away any time soon.

You may be interested in this 09/06/03 post to the UNISOG maillist (unisog () sans org):

/* begin post fragment */

From: Paul Russell <prussell () nd edu>
To: unisog () sans org
Subject: [unisog] Spam from student-owned computers
Date: Mon, 06 Oct 2003 15:51:12 -0500

In the past ten days, we have had five incidents in which student-owned computers in our residence hall network (ResNet) were used to send large quantities of spam. I have seen similar reports from other sites, so I thought some of you might be interested in our experience.

Appended below are the case notes from one of these incidents. The report has been edited to remove all personal identification information. The analysis of the student's workstation was performed by a member of our Information Security team.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame