[unisog] Super-hidden spamming exploits?
tduvally at brown.edu
Mon Oct 6 14:33:23 GMT 2003
On Tue, 2003-09-30 at 09:28, Martin Sapsed wrote:
> (catching up on a backlog of mail...)
> We saw a machine a little while back which was smtp'ing to its heart's
> content. Turned out an executable called winmgrsvc2.exe had installed
> itself, I guess via a nasty webpage/hole in IE. Further diagnosis was
> complicated by the fact that the machine was running a Korean version of
> Windows! I sent a copy to Sophos and they produced this ide to detect it...
> Hope this is of some use to someone!
Has anyone seen something similar where they are using your internal
mail-relays? We are seeing spammers trying to leverage our mail-servers.
This of course has the effect of a DoS as we manually clear the affected
queues just to get things going again.
As an aside, anyone else getting the sense that SMTP is showing its age?
Lead Sys. Prog.
CIS, Brown Univ.