Windows: November 2006 Archives
About two weeks ago, my sister was hit by an IM worm. "hey - i've got pictures of the group" from a good friend. Clickey clickey, bam, trojan'd. This happened relatively late at night, so the following evening she came down and asked me to fix it. A recap of what I found:
- Eight programs that phone home, download binaries, and run them
- Seven trojans/backdoors
- Eleven random viruses
- One spambot
Note the italics.
As I was cleaning the system out (before I knew of the spambot), I noticed the wireless connection was in heavy use. I didn't think too much about it, as the machine had several viruses on it at that point, and I also needed the networking in order to properly clean the system. It wasn't until I tried Trend Micro's Housecall service that I really looked into the networking problem, and noticed four packets sent for every one received.
Oops.
I grabbed a laptop, fired up an SSH session to my router, and started tcpdump. I must admit, while I hate spam, it was sending a seriously impressive volume of spam per minute. I restarted tcpdump to only show traffic headed to :25/tcp on remote hosts, and it was connecting to a good fifty different servers per minute. Fifty different servers per minute. That's a ton of spam, and it was all going out over my home cable connection.
I decided I had better fix that little problem quickly, and that meant an iptables rule. Behold the results:
 pkts bytes target     prot opt in     out     source               destination
 5488  263K DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:25
5488 packets bound for port 25 dropped in a matter of minutes. That's a lot of spam.
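The two things I actually did above, measuring the fan-out with tcpdump and then dropping outbound :25/tcp at the router, as an added example that is not code from the original post. It assumes a Linux router with iptables, the LAN on eth1 and the cable modem on eth0, a 192.168.1.0/24 LAN, an ISP relay address that is a placeholder here, and the modern tcpdump line format ("IP src.port > dst.25: Flags [S], ..."); none of those details are stated on the page. The rules are the selective version of the DROP rule: port 25 stays open to the ISP's relay so legitimate mail still works, and everything else is logged (rate-limited) and dropped.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions (not stated on the page):
# the router is Linux with iptables, the LAN side is eth1 and the upstream side is eth0,
# and ISP_RELAY stands in for the ISP's SMTP relay.
LAN_IF=eth1
WAN_IF=eth0
ISP_RELAY=203.0.113.25   # placeholder (TEST-NET-3); substitute your ISP's relay

# Print the rules for the selective version of the post's DROP rule: LAN hosts may
# talk to port 25 on the ISP relay only; anything else is rate-limited to the log and dropped.
smtp_block_rules() {
    cat <<EOF
iptables -N SMTP_OUT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 25 -j SMTP_OUT
iptables -A SMTP_OUT -d $ISP_RELAY -j ACCEPT
iptables -A SMTP_OUT -m limit --limit 6/min -j LOG --log-prefix "SMTP_OUT_DROP: "
iptables -A SMTP_OUT -j DROP
EOF
}

# Read "tcpdump -n -l -i $LAN_IF 'tcp[tcpflags] & tcp-syn != 0 and dst port 25'" output on
# stdin and print "<lan host> <distinct mail servers>", one line per host. Assumes the modern
# tcpdump line format ("IP src.port > dst.25: Flags [S], ..."). Only outbound SYNs are
# counted, and a retransmitted SYN to the same server is not counted twice, so the number is
# distinct servers contacted, which is what a spambot's fan-out looks like.
smtp_destinations() {
    awk '
        / > [0-9.]+\.25: Flags \[S\],/ {
            split($3, s, "."); src = s[1] "." s[2] "." s[3] "." s[4]
            split($5, d, "."); dst = d[1] "." d[2] "." d[3] "." d[4]
            if (!((src, dst) in seen)) { seen[src, dst] = 1; count[src]++ }
        }
        END { for (h in count) print h, count[h] }
    ' | sort
}

# Constructed sample capture (not real traffic): .5 hits two servers (one SYN retransmitted),
# .7 talks to the relay once; a SYN-ACK coming back and a port-80 SYN are ignored.
SAMPLE_CAPTURE='12:00:01.000000 IP 192.168.1.5.1025 > 64.12.138.161.25: Flags [S], seq 1, win 65535, length 0
12:00:01.100000 IP 192.168.1.5.1026 > 65.54.245.8.25: Flags [S], seq 1, win 65535, length 0
12:00:01.200000 IP 192.168.1.5.1025 > 64.12.138.161.25: Flags [S], seq 1, win 65535, length 0
12:00:01.300000 IP 64.12.138.161.25 > 192.168.1.5.1025: Flags [S.], seq 1, ack 2, win 5840, length 0
12:00:01.400000 IP 192.168.1.7.2000 > 203.0.113.25.25: Flags [S], seq 1, win 65535, length 0
12:00:01.500000 IP 192.168.1.5.1030 > 64.12.138.161.80: Flags [S], seq 1, win 65535, length 0'

# Stand-alone demo on the constructed capture; on a real router pipe tcpdump in instead.
printf '%s\n' "$SAMPLE_CAPTURE" | smtp_destinations
```

On the constructed capture this prints "192.168.1.5 2" and "192.168.1.7 1": the infected host shows up as the one talking to many different servers, while a host that only ever reaches the relay shows a count of one. `smtp_block_rules` only prints the commands, so you can read them before running them as root; the LOG line gives you the source address of whichever LAN machine is still trying, which is the part the post's packet counter doesn't tell you.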
What scares me is that this was just one computer on a home residential connection. If my sister was hit with this worm, that means her friend also has it. And due to the nature of the IM networks, that likely means everyone my sister knows, and every one of them and all of their contacts, also have this spambot churning out e-mail to the public as a whole.
Did I mention that's a lot of spam?
So, internet, sorry for not selectively blocking :25/tcp outbound in the first place. Sorry for sending out more spam in minutes than I get legit e-mail in three weeks. Oh, and sorry for having family members that don't know *nix. On the flip side, I have yet to see a good MSN client for *nix that features audio and video chat too, so until you can get me (or rather, my sister) that...
