Re: Best methods for tracing a mass-mailing worm infected workstation on a network?

Discussion in 'Server Networking' started by Dustin Cook, Nov 14, 2009.

  1. Dustin Cook

    Dustin Cook Guest

    BadBoy House <> wrote in news:cd2f12df-c3eb-
    :

    > I've had instances in the past where a workstation has been infected
    > with a mass-mailer worm and whilst I resolved the issue in the end I
    > encountered the following circumstances in relation to the infected
    > workstation:-
    >
    > - no up-to-date anti virus package found any mass mailer worms. I
    > tried Panda, McAfee, Norton.
    > - no port 25 traffic (other than the mail server) was going through
    > the router (I checked all the logs/tables)
    >
    > In the end, via a process of elimination, I used Malwarebytes Anti-
    > Malware to find and remove the virus.


    It likely wasn't a virus. :) As our software doesn't really deal with
    those. You may wish to consider the commercial/pro version as it offers
    realtime protection against nasties known to it, as well as IP blocking
    of known malicious websites. It's a one-time registration, not a yearly
    deal unless you're a company...

    > I'm interested in finding out about any other proven methods for
    > tracking down mass-mailer infected workstations. It seems it can be
    > like finding a needle in a haystack.


    Watching router traffic can often tell you which computer might be
    responsible for consuming a large portion of the bandwidth for spamming.

    > What methods would you suggest?


    Wireshark.



    --
    Dustin Cook [Malware Researcher]
    MalwareBytes - http://www.malwarebytes.org
    BugHunter - http://bughunter.it-mate.co.uk
    Dustin Cook, Nov 14, 2009
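
The reply above suggests watching router traffic to spot the machine responsible. As an added example (not part of the original post), the sketch below ranks internal hosts by how many distinct outside servers they contact on SMTP ports, ignoring the legitimate mail server. The CSV layout, the mail server address and the threshold are assumptions, and the sample flows are constructed.

```python
import csv
import io
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}      # SMTP, SMTPS, mail submission
MAIL_SERVERS = {"192.168.1.10"}  # assumed address of the site's real mail server

# Constructed sample flow records, e.g. exported from a router or a capture.
# Column names are an assumption of this example, not a standard format.
SAMPLE_FLOWS = """\
src,dst,dport,bytes
192.168.1.10,203.0.113.5,25,48211
192.168.1.10,198.51.100.7,25,30122
192.168.1.23,192.168.1.10,587,5120
192.168.1.23,192.0.2.80,443,90400
192.168.1.42,198.51.100.20,25,1800
192.168.1.42,198.51.100.21,25,2100
192.168.1.42,203.0.113.9,25,1950
192.168.1.42,203.0.113.44,25,2200
192.168.1.42,203.0.113.9,25,1750
"""


def suspect_hosts(flow_csv, min_destinations=3):
    """Return [(src, distinct_smtp_destinations, total_bytes)] for hosts other
    than the mail server that spoke SMTP to at least min_destinations servers,
    sorted with the widest fan-out first."""
    dests = defaultdict(set)
    sent = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) not in SMTP_PORTS:
            continue  # not mail traffic
        if row["src"] in MAIL_SERVERS:
            continue  # the mail server is expected to talk SMTP to the world
        dests[row["src"]].add(row["dst"])
        sent[row["src"]] += int(row["bytes"])
    hits = [(src, len(d), sent[src])
            for src, d in dests.items() if len(d) >= min_destinations]
    return sorted(hits, key=lambda h: (-h[1], -h[2]))


if __name__ == "__main__":
    for src, count, total in suspect_hosts(SAMPLE_FLOWS):
        print(f"{src}: SMTP to {count} distinct servers, {total} bytes")
```

A workstation that only submits mail to the internal server shows a single destination and stays below the threshold; a host that appears here is the one to capture with Wireshark.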