Date:      Wed, 13 Apr 2005 16:09:59 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        Robert <pcsurplus@sc.rr.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: spam alert
Message-ID:  <425D8AA7.7030504@daleco.biz>
In-Reply-To: <000801c53ffa$7cdb7c20$a9325818@sambo>
References:  <000801c53ffa$7cdb7c20$a9325818@sambo>

Robert wrote:

>Got a message from my ISP saying that my email address 
>was sending out spam, possibly from a trojan on my pc that was 
>allowing a remote program to access my SMTP server and send email 
>without my knowledge. I was shocked since I'm running ZoneAlarm and 
>don't remember getting any alerts about a program accessing my email. 
>I ran Norton's and it didn't find anything. BUT it was blocking a 
>heap of outgoing emails with "sexually explicit content" after I 
>disabled ZoneAlarm. So ZoneAlarm must be blocking them when it is on, 
>but periodically I turn it off because some web pages don't load correctly 
>when I use ZoneAlarm. Well I disabled ZoneAlarm tonight and right away I 
>got popups from Nortons alerting me that there were sexually explicit 
>emails trying to be sent using my mail account, at a rate of about 
>20 per minute! I turned ZoneAlarm back on and immediately it told me
>that IP address 204.152.184.73 was trying to send emails and make a 
>connection with my mail server, which of course I blocked. 204.152.184.73 
>resolves to freebsd.isc.org. What gives?
>  
>

I would suggest that you take your Windows computer to
the nearest a] repair center or b] deep body of water, place
it inside, and hope for the best whilst being prepared to
pay the piper.

I have found neither Zone Alarm nor Norton software to
be of any use whatsoever for protecting a Windows machine
that is connected to any network, anywhere.  Either vigilant
management and constant user re-education, combined with
almost any AV software besides Norton et al, or a *nixlike
firewall with "deny ip from any to winbox" are the only
solutions that seem to work with any degree of guaranteeable
success.

I would certainly agree with the poster who suggested
you contact ISC directly --- possibly something is amiss
there, but there is also no guarantee that the IP address
being fed to ZoneAlarm is spoofed; this is not at all beyond
the means of almost any spammer working today, although
the issue of whether they'd go to the trouble may merit
some debate.

Notwithstanding that, this post is rather OT for this list.

Kevin Kinsey


