Re: [fw-wiz] worm?



One of our support technician's machines is attempting to connect to random IP addresses on port 25 - in a pretty needy fashion. He says he's scanned the box with the latest updates from McAfee and it hasn't found anything.

We discovered it because one of my basic (meaning I got it off the 'Net) rules for SEC flagged it as a possible PHEL trojan.

Any thoughts?

I think your technician needs to try booting from trusted media and using
more than one type of scanner. The only time we've ever had outbound SMTP
sweeps from a Windows workstation it was botted.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
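
A defender-side check for the symptom described in this thread (one workstation opening port-25 connections to many unrelated addresses), as an added example that is not part of the original messages and is not the poster's SEC rule. The log format, addresses, mail-server allowlist, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format and addresses, not from the thread).
SAMPLE_LOG = """\
2006-03-01T09:00:01 ALLOW TCP 10.1.4.23:1041 -> 192.0.2.10:25
2006-03-01T09:00:02 ALLOW TCP 10.1.4.23:1042 -> 198.51.100.7:25
2006-03-01T09:00:03 ALLOW TCP 10.1.4.40:2210 -> 10.1.1.5:25
2006-03-01T09:00:04 ALLOW TCP 10.1.4.23:1043 -> 203.0.113.99:25
2006-03-01T09:00:05 ALLOW TCP 10.1.1.5:3301 -> 192.0.2.25:25
2006-03-01T09:00:06 ALLOW TCP 10.1.4.23:1044 -> 192.0.2.77:25
2006-03-01T09:00:07 ALLOW TCP 10.1.4.23:1045 -> 198.51.100.130:25
2006-03-01T09:00:08 ALLOW TCP 10.1.4.40:2211 -> 192.0.2.80:80
2006-03-01T09:00:09 ALLOW TCP 10.1.4.23:1046 -> 203.0.113.4:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def smtp_fanout(lines, mail_servers=frozenset(), window=timedelta(seconds=60), threshold=5):
    """Return {source: peak count of distinct port-25 destinations inside any
    sliding window} for sources that reach threshold and are not mail servers."""
    events = defaultdict(list)  # source IP -> [(timestamp, destination IP)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Only SMTP traffic from hosts that have no business sending mail directly.
        if not m or m["dport"] != "25" or m["src"] in mail_servers:
            continue
        events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["dst"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(smtp_fanout(SAMPLE_LOG.splitlines(), mail_servers={"10.1.1.5"}))
```

A workstation that only relays through the internal mail server (10.1.4.40 in the sample) stays below the threshold because it touches a single destination.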


