footprints?

Discussion in 'Computer Security' started by RB, Sep 23, 2003.

  1. RB

    RB Guest

    If a person has a virus-infected computer that is sending out email using
    email addresses harvested from the address book, will it be detectable to
    the owner/operator that this is happening? Or, do the little nasties do
    their work invisibly so that the operator doesn't have a clue?

    I would think there would be file copies of all the outgoing messages in the
    "sent" folder. You wonder how someone could be unaware their computer is
    busy cranking out thousands of spam emails.
     
    RB, Sep 23, 2003
    #1


  2. There are tell-tale signs, however, they won't be in your "sent" folder.
    The worm/virus has its own "mailing program", meaning, you have no
    actual control over it, except to remove it. It works automatically and
    independent from your actual email program, such as Outlook.

    You can first scan your machine properly with a quality anti-virus,
    which I believe you know. Then you can check through an MSDOS Command
    Prompt for connections, though this will be limited and only come into
    play when the actual connection is happening.

    c:\> netstat -an <enter>

    This will show connections from/to your machine.

    Another useful tool would be to run a sniffing utility to check and see
    what traffic is coming out of your machine. Look for port 25
    connections, this will indicate a connection to a mail server.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Sep 23, 2003
    #2
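
The check described in post #2, as an added example that is not part of any post in this thread: it parses `netstat -an` output and lists outbound TCP sessions to port 25. The sample output, the function names, and the "two or more unfamiliar mail servers" threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1047      203.0.113.10:25        ESTABLISHED
  TCP    192.168.1.20:1048      198.51.100.7:25        SYN_SENT
  TCP    192.168.1.20:1049      198.51.100.8:25        TIME_WAIT
  TCP    192.168.1.20:1050      192.0.2.44:80          ESTABLISHED
  TCP    192.168.1.20:1051      192.0.2.5:25           ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # open or being opened; TIME_WAIT is already closed


def smtp_connections(netstat_text, smtp_port=25):
    """Return (remote_host, state) for each active outbound TCP session to smtp_port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, _lport, remote, rport, state = m.groups()
        if int(rport) == smtp_port and state in ACTIVE:
            hits.append((remote, state))
    return hits


def looks_like_mass_mailer(netstat_text, known_servers=(), threshold=2):
    """Assumed heuristic: flag sessions to `threshold` or more mail servers you do not use."""
    remotes = Counter(r for r, _ in smtp_connections(netstat_text))
    unknown = sorted(r for r in remotes if r not in known_servers)
    return len(unknown) >= threshold, unknown


if __name__ == "__main__":
    for remote, state in smtp_connections(SAMPLE):
        print(f"port 25 -> {remote} ({state})")
    # 203.0.113.10 stands in for the mail server the user's own mail program uses.
    print(looks_like_mass_mailer(SAMPLE, known_servers=("203.0.113.10",)))
```

Because `netstat` only shows a connection while it exists, a single clean run proves little; capture the output several times while the machine is online.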

  3. RB

    RB Guest

    Good info. Thanks.
     
    RB, Sep 23, 2003
    #3
  4. RB Spilled my beer when they jumped on the table and proclaimed in
    Only evidence would be that the computer might be running slower
    while on the net...
    Not really. Most mass mailer worms now have their own SMTP code
    written into them. In English they're sending the e-mails outside of
    OE or whatever mail program the infected person is using...

    HTH

    NOI
     
    Thund3rstruck, Sep 23, 2003
    #4
  5. RB

    lazimodo Guest

    Depending on the infection, the only indication that you have a problem may
    well be an irate individual in your address book emailing you back telling
    you that they received malicious code from your machine.

    Hopefully detected by their AV software and quarantined. Always keep your
    Windows software updated and have your AV update DAILY, most can do it
    automatically. Also install a firewall and keep it current.

    There are many worthwhile free-ware products that can hold the pimple-faced
    binary progenics at bay. It's the government you really have to worry about.

    Cheers Laz
     
    lazimodo, Sep 29, 2003
    #5