[unisog] Compromised student system

Marc Jimenez mjimenez at net.tufts.edu
Thu Feb 6 22:20:04 GMT 2003


Hi Chris,
	I don't know if it helps, but we've seen a few students with
compromised machines sourcing spam. In the few cases we've seen, the
program used appears to be one used by spamming companies who pay to have
you use your machine to spam for them. One student has admitted to
installing the program on his machine and making ~$15/month as a
distributed spam node, but the others have claimed no knowledge. It was
through the admission that we could recognize the program on the other
compromised machines.

	Cheers,
		Marc


Marc Jimenez
Network Engineering
Tufts University


"Read all instructions before applying adhesive."
-Large Print on Lid of Bucket; words to live by.

"Diplomacy" is saying "nice doggy" until you can find a big rock.
-Heinlein

On Thu, 6 Feb 2003, Chris Wilson wrote:

> We are currently looking at a student system that is running Win XP home. The system seems to be doing a lot on port 25, but we have been unable to find out what processes are running on the system.
>
>
> When the task manager is attempted to be opened it is auto closing itself almost instantly.
>
> Many ports are open when looked at with netstat -ANO
>
>


