Viri, Worms, Spyware

Tue May 25 16:52:50 GMT 2004 Viri, Worms, Spyware

I had an incident this week where a proxy server (SME server) was brought to its knees by an excessively high amount of browsing activity. I don't know yet whether this is a virus, a worm, or some particularly screwed up spyware, but by using my Squid log analyzer we were able to see that three machines on the LAN were generating an incredible amount of traffic. Interestingly, none of these machines were actually in use; all were sitting at Windows domain login, yet each was making over 1500 web accesses per hour - almost 1 every other second.



For the moment, I just had him power these boxes off. Later on they'll be isolated from the network and examined for problems. My hope is that these are just boxes that somehow missed getting virus/Microsoft updates (the company is generally pretty good about keeping on top of these things) and that whatever we have there hasn't spread to other machines.

It's not a bad idea at all to run a proxy server, and examining the logs now and then can warn you of developing problems.
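As an added example (not the author's Squid log analyzer, which this page does not show), the check described above can be sketched in Python: count requests per client per hour in a Squid access log and flag any client over the 1500-per-hour rate seen in this incident. It assumes Squid's native log format (epoch timestamp first, client address third); the sample lines, addresses and host names are constructed.

```python
from collections import Counter
from datetime import datetime, timezone

THRESHOLD = 1500  # requests per client per hour, the rate seen in the incident


def hourly_counts(lines):
    """Count requests per (hour, client IP) from Squid native-format lines."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        try:
            ts = float(fields[0])  # field 1: epoch seconds with milliseconds
        except ValueError:
            continue
        hour = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:00")
        counts[(hour, fields[2])] += 1  # field 3: client address
    return counts


def noisy_clients(lines, threshold=THRESHOLD):
    """Return sorted (hour, client, count) for clients above the threshold."""
    return sorted(
        (hour, client, n)
        for (hour, client), n in hourly_counts(lines).items()
        if n > threshold
    )


def sample_log():
    """Constructed sample: one chatty idle host, one normal user, one bad line."""
    base = 1085500800  # 2004-05-25 16:00:00 UTC
    chatty = [
        f"{base + i * 2}.000 95 192.168.1.50 TCP_MISS/200 512 GET "
        f"http://tracker.example/ping?{i} - DIRECT/203.0.113.9 text/html"
        for i in range(1700)  # one request every other second
    ]
    normal = [
        f"{base + i * 60}.000 140 192.168.1.20 TCP_MISS/200 4096 GET "
        f"http://news.example/page{i} - DIRECT/203.0.113.20 text/html"
        for i in range(40)
    ]
    return chatty + normal + ["garbage line"]


if __name__ == "__main__":
    for hour, client, n in noisy_clients(sample_log()):
        print(f"{hour}  {client}  {n} requests")
```

Run from cron against the live access.log, a report like this points at the machines to isolate before the proxy itself falls over.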



Comments
Thanks, this is very interesting. I enjoyed reading this a lot. I have a spyware removal board also at http://www.spywareboard.com

--

Interestingly, these same people had yet another network problem last night. I was immediately suspicious of more spyware/virus problems, but after much isolating and testing, it turned out to be a network surge protector!

--TonyLawrence

