[unisog] Super-hidden spamming exploits?
m.sapsed at bangor.ac.uk
Tue Sep 30 13:28:12 GMT 2003
(catching up on a backlog of mail...)
Rita Seplowitz Saltz wrote:
> We've seen a number of student-owned MS Windows machines exploited by
> spammers, even after the "usual suspects" have been addressed
> (administrator password, backdoors, remote code, spyware, assorted
> viruses) and the systems are believed to have been locked down securely.
> Has anyone else seen this kind of thing? And, if so, have you any
> helpful insights to offer?
We saw a machine a little while back which was smtp'ing to its heart's
content. Turned out an executable called winmgrsvc2.exe had installed
itself, I guess via a nasty webpage/hole in IE. Further diagnosis was
complicated by the fact that the machine was running a Korean version of
Windows! I sent a copy to Sophos and they produced this IDE to detect it...
Hope this is of some use to someone!
Information Services, University of Wales, Bangor
"Who do you say I am?" (Jesus of Nazareth)