[unisog] Super-hidden spamming exploits?

Thomas DuVally tduvally at brown.edu
Mon Oct 6 14:33:23 GMT 2003

On Tue, 2003-09-30 at 09:28, Martin Sapsed wrote:
> (catching up on a backlog of mail...)
> We saw a machine a little while back which was smtp'ing to its heart's 
> content. Turned out an executable called winmgrsvc2.exe had installed 
> itself, I guess via a nasty webpage/hole in IE. Further diagnosis was 
> complicated by the fact that the machine was running a Korean version of 
> Windows! I sent a copy to Sophos and they produced this ide to detect it...
> http://www.sophos.com/virusinfo/analyses/trojneosma.html
> Hope this is of some use to someone!

Has anyone seen something similar where they are using your internal
mail-relays? We are seeing spammers trying to leverage our mail-servers.
This of course has the effect of a DoS as we manually clear the effected
queues just to get things going again.

As an aside, anyone else getting the sense that SMTP is showing its age?

> Cheers,
> Martin
Thomas DuVally
Lead Sys. Prog.
CIS, Brown Univ.


More information about the unisog mailing list