[unisog] Super-hidden spamming exploits?

Brian Reilly reillyb at georgetown.edu
Thu Sep 25 16:04:48 GMT 2003


On Thu, 25 Sep 2003, Rita Seplowitz Saltz wrote:

> Greetings.
> 
> We've seen a number of student-owned MS Windows machines exploited by 
> spammers, even after the "usual suspects" have been addressed 
> (administrator password, backdoors, remote code, spyware, assorted 
> viruses) and the systems are believed to have been locked down securely.
> 
> Has anyone else seen this kind of thing?  And, if so,  have you any 
> helpful insights to offer?
> 

We've seen a few cases of this, but weren't able to pinpoint an exact
cause either.  Similar to your experience, we were able to rule out weak
passwords, spam-for-pay software installed by the user, and several common
spam-related viruses and backdoors (Jeem, Sobig/WinGate, etc.).  My concern
is that we're missing a lot of these spam-generating programs that either
don't open a network port or aren't detected by AV software.

On a related note, what are you all using to detect Spyware/Adware?

--Brian



