[unisog] Super-hidden spamming exploits?

Dawley, Suzanne Suzanne_Dawley at brown.edu
Thu Sep 25 18:01:33 GMT 2003

Best practice is to back up data only, reformat hard disk, reload OS and
patch, install antivirus and update, and then reinstall all apps.

It's time consuming but the only effective way to regain ownership of
the box. It's less time consuming than dealing with the same incident

Suzanne Dawley
IT Security Group
Brown University CIS
Box 1885
Providence, RI 02912

-----Original Message-----
From: Rita Seplowitz Saltz [mailto:rita at Princeton.EDU] 
Sent: Thursday, September 25, 2003 10:37 AM
To: unisog at sans.org
Subject: [unisog] Super-hidden spamming exploits?


We've seen a number of student-owned MS Windows machines exploited by 
spammers, even after the "usual suspects" have been addressed 
(administrator password, backdoors, remote code, spyware, assorted 
viruses) and the systems are believed to have been locked down securely.

Has anyone else seen this kind of thing? And, if so, have you any
helpful insights to offer?


Rita Saltz
[now] Senior Policy Advisor
Office of Information Technology (OIT)
Princeton University
rita at princeton.edu
