Re: netbot'd ?

To: debian-user@lists.debian.org
Subject: Re: netbot'd ?
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Fri, 2 Feb 2007 16:12:48 -0500
Message-id: <[🔎] 20070202211248.GB14428@titan>
In-reply-to: <[🔎] eq08ss$go7$1@sea.gmane.org>
References: <[🔎] eq08ss$go7$1@sea.gmane.org>

On Fri, Feb 02, 2007 at 03:02:18PM -0600, Hugo Vanwoerkom wrote:
> Hi,
> 
> What do you call having been infected by a program that sends thousands 
> of emails out without you knowing it.?
> 
> Anyway I received via my ISP's email server several emails that claimed 
> my box sent out thousands of emails over the weekend.
> 
> It asked me to open + execute an attached file for an explanation of how 
> to avoid it. (Which I did not)
> 
> Several things were fishy:
> 1. The notes were in English and the ISP is Mexican and the userid 
> Mexican, so why the English?
> 2. The box is firewalled and chkrootkit 0.47 detects noting.
> 3. This is a dialup account, so the IP changes all the time.
> 4. I have tleds installed and I notice no undue activity, but the system 
> runs unattended often.
> 
> But it brings up an interesting question:
> 
> How would you find out if this was the case?
> 

Exim logs?

Reply to:

Follow-Ups:
- Re: netbot'd ?
  - From: Hugo Vanwoerkom <hvw59601@care2.com>

References:
- netbot'd ?
  - From: Hugo Vanwoerkom <hvw59601@care2.com>

Prev by Date: Re: sarge freezes after failure of raid disk, incurring fs corruption on unrelated disk
Next by Date: Re: netbot'd ?
Previous by thread: netbot'd ?
Next by thread: Re: netbot'd ?
Index(es):
- Date
- Thread