Re: [fw-wiz] worm?

FirewallWizards

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: [fw-wiz] worm?

from [Paul Melson]

[Permanent Link][Original]

To:	"'Firewall Wizards Security Mailing List'" <firewall-wizards@listserv.icsalabs.com>
Subject:	Re: [fw-wiz] worm?
From:	"Paul Melson" <pmelson@gmail.com>
Date:	Thu, 1 Feb 2007 17:03:48 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	fwwizards-list2@consult.net
Delivered-to:	firewall-wizards@listserv.icsalabs.com
In-reply-to:	<3c4611bc0702011045q66c03488wf608861119ecbd2d@mail.gmail.com>
List-archive:	<https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help:	<mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id:	Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post:	<mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References:	<3c4611bc0702011045q66c03488wf608861119ecbd2d@mail.gmail.com>
Reply-to:	Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender:	firewall-wizards-bounces@listserv.icsalabs.com
Thread-index:	AcdGR+dEQcxyS7hBSz2nnpBkNKzEHwABKzMA

> One of our support technician's machines is attempting to connect to
random IP addresses on port 25 - in 
> a pretty needy fashion. He says he's scanned the box with the latest
updates from McAffee and it hasn't 
> found anything.
>
> We discovered it because one of my basic (meaning I got it off the
> 'Net) rules for SEC flagged it as a possible PHEL trojan.
>
> Any thoughts?

I think your technician needs to try booting from trusted media and using
more than one type of scanner.  The only time we've ever had outbound SMTP
sweeps from a Windows workstation it was botted.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[fw-wiz] worm?, Brian Loe Re: [fw-wiz] worm?, Paul D. Robertson Re: [fw-wiz] worm?, Francois Yang Re: [fw-wiz] worm?, Julian M. Dragut Re: [fw-wiz] worm?, Paul Melson <= Re: [fw-wiz] worm?, Brian Loe Re: [fw-wiz] worm?, Paul D. Robertson Re: [fw-wiz] worm?, Steven M. Bellovin Re: [fw-wiz] worm?, Brian Loe Re: [fw-wiz] worm?, Chris Myers

Previous by Date:	Re: [fw-wiz] worm?, Julian M. Dragut
Next by Date:	Re: [fw-wiz] worm?, Brian Loe
Previous by Thread:	Re: [fw-wiz] worm?, Julian M. Dragut
Next by Thread:	Re: [fw-wiz] worm?, Brian Loe
Indexes:	[Date] [Thread] [Top] [All Lists]