Re: Best methods for tracing a mass-mailing worm infected workstation on a network?

Discussion in 'Server Networking' started by Dustin Cook, Nov 14, 2009.

  1. Dustin Cook

    Dustin Cook Guest

    BadBoy House <> wrote in news:cd2f12df-c3eb-
    :

    > I've had instances in the past where a workstation has been infected
    > with a mass-mailer worm and whilst I resolved the issue in the end I
    > encountered the following circumstances in relation to the infected
    > workstation:-
    >
    > - no up-to-date anti virus package found any mass mailer worms. I
    > tried Panda, McAfee, Norton.
    > - no port 25 traffic (other than the mail server) was going through
    > the router (I checked all the logs/tables)
    >
    > In the end, via a process of elimination, I used Malwarebytes Anti-Malware
    > to find and remove the virus.


    It likely wasn't a virus. :) As our software doesn't really deal with
    those. You may wish to consider the commercial/pro version as it offers
    real-time protection against nasties known to it, as well as IP blocking
    of known malicious websites. It's a one-time registration, not a yearly
    deal unless you're a company...

    > I'm interested in finding out about any other proven methods for
    > tracking down mass-mailer infected workstations. It seems it can be
    > like finding a needle in a haystack.


    Watching router traffic can often tell you which computer might be
    responsible for consuming a large portion of the bandwidth for spamming.

    > What methods would you suggest?


    Wireshark.



    --
    Dustin Cook [Malware Researcher]
    MalwareBytes - http://www.malwarebytes.org
    BugHunter - http://bughunter.it-mate.co.uk
     
    Dustin Cook, Nov 14, 2009
    #1
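
Added example, not part of the original post: one way to turn the "watch router traffic" advice into a check, by ranking internal hosts on how many distinct outside hosts they contact on SMTP ports and, separately, on bytes sent. The flow records, the IP addresses, the `MAIL_SERVER` value and the function names are all constructed for illustration; real input would come from router flow logs or a Wireshark capture exported to the same four fields.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
MAIL_SERVER = "192.168.1.10"  # assumption: the only host that should send mail

# Constructed flow records: (source IP, destination IP, destination port, bytes sent)
SAMPLE_FLOWS = [
    ("192.168.1.10", "203.0.113.5", 25, 48_000),
    ("192.168.1.21", "198.51.100.7", 443, 900_000),
    ("192.168.1.21", "198.51.100.7", 443, 750_000),
    ("192.168.1.34", "203.0.113.20", 25, 6_000),
    ("192.168.1.34", "203.0.113.21", 25, 5_500),
    ("192.168.1.34", "198.51.100.40", 25, 7_200),
    ("192.168.1.34", "198.51.100.41", 587, 6_800),
    ("192.168.1.52", "203.0.113.99", 80, 12_000),
]

def summarize(flows):
    """Per-source totals: bytes sent, SMTP flow count, distinct SMTP peers."""
    stats = defaultdict(lambda: {"bytes": 0, "smtp_flows": 0, "smtp_peers": set()})
    for src, dst, dport, nbytes in flows:
        s = stats[src]
        s["bytes"] += nbytes
        if dport in SMTP_PORTS:
            s["smtp_flows"] += 1
            s["smtp_peers"].add(dst)
    return stats

def suspects(flows, mail_server=MAIL_SERVER, min_peers=2):
    """Hosts other than the mail server that speak SMTP to several distinct peers."""
    hits = [
        (src, len(s["smtp_peers"]), s["smtp_flows"], s["bytes"])
        for src, s in summarize(flows).items()
        if src != mail_server and len(s["smtp_peers"]) >= min_peers
    ]
    return sorted(hits, key=lambda h: h[1], reverse=True)

def top_talkers(flows, n=3):
    """Sources ranked by total bytes sent, the plain bandwidth view."""
    totals = [(src, s["bytes"]) for src, s in summarize(flows).items()]
    return sorted(totals, key=lambda t: t[1], reverse=True)[:n]

if __name__ == "__main__":
    for src, peers, flows, nbytes in suspects(SAMPLE_FLOWS):
        print(f"{src}: {flows} SMTP flows to {peers} distinct hosts, {nbytes} bytes")
    print("Top talkers by bytes:")
    for src, nbytes in top_talkers(SAMPLE_FLOWS):
        print(f"  {src}: {nbytes}")
```

In the constructed sample the host fanning out over SMTP is not the largest bandwidth consumer, so both rankings are worth reading side by side.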