[unisog] Question: Spam-for-Pay

Marc Jimenez mjimenez at net.tufts.edu
Thu Mar 20 00:25:54 GMT 2003

Hi Anderson,
	As I'm sure some of you saw on slashdot or idg.net a few weeks
ago. We got hit with this one, and are continuing to track down more of
it. Our Sr. Security Analyst is working on a port signature for what we're
seeing. It does seem to follow a characteristic pattern.


Marc Jimenez
Network Engineering
Tufts University

"Read all instructions before applying adhesive."
-Large Print on Lid of Bucket; words to live by.

"Diplomacy" is saying "nice doggy" until you can find a big rock.

On Wed, 19 Mar 2003, Anderson Johnston wrote:

> Question - Has anyone on the list encountered PC software which spams the
> known universe in return for a payment of some form to the owner of the
> PC?
> Problem - We are picking up commercial spam from our residential network.
> So far, it looks like the offending PC's were compromised and turned into
> open relays.  I looked at one and it certainly had no passwords on any of
> the accounts.  This corroborated the PC owner's defense of obdurate
> stupidity.
> I'd like to know if there is any signature, perhaps in the event logs or
> the registry, that would indicate that this software might have been
> there.
> Alternately, if anyone can point me to a copy, we can try to find out
> ourselves.
> 					Thanks,
> 						- Andy Johnston
> ------------------------------------------------------------------------------
> ** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
> ** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
> ** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
> ** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
> ------------------------------------------------------------------------------

More information about the unisog mailing list