[unisog] Super-hidden spamming exploits?
reillyb at georgetown.edu
Thu Sep 25 16:04:48 GMT 2003
On Thu, 25 Sep 2003, Rita Seplowitz Saltz wrote:
> We've seen a number of student-owned MS Windows machines exploited by
> spammers, even after the "usual suspects" have been addressed
> (administrator password, backdoors, remote code, spyware, assorted
> viruses) and the systems are believed to have been locked down securely.
> Has anyone else seen this kind of thing? And, if so, have you any
> helpful insights to offer?

We've seen a few cases of this, but weren't able to pinpoint an exact
cause either. Similar to your experience, we were able to rule out weak
passwords, spam-for-pay software installed by the user, and several common
spam-related viruses and backdoors (Jeem, Sobig/WinGate, etc.). My concern
is that we're missing a lot of these spam-generating programs that either
don't open a network port or aren't detected by AV software.

On a related note, what are you all using to detect Spyware/Adware?