[CS-FSLUG] How could this be happening

Tim Young Tim.Young at LightSys.org
Tue May 11 19:30:54 CDT 2010


I have removed a number of spam-sending agencies off Linux computers.  
The majority of them came in through vulnerabilities in web-servers, but 
I have seen them come in through ssh servers and a few other routes.  
Most of them would have been classified as worms, and the others were 
the result of malicious human attackers (script kiddies).

I have also seen ISPs contact people who were sending out spam, 
notifying them that something on their network was doing that.  All that 
portion of your sister's report is something I have run into 
previously.  Most spam reporting engines blacklist the IP address, not 
email address, but a non-technical user would not really understand the 
difference.

If you happen to have a recent email from her, you could probably look 
at the headers to find the IP address that she has on her computer, and 
plug that IP address into: http://www.mxtoolbox.com/blacklists.aspx  If 
she has had that IP address for long enough then you may actually be 
able to see a copy of one or more of the emails being sent out of the 
computer.

Removing a spam-sending agency from a Linux computer is often relatively 
easy, if you can find it.  The problem is that it is usually a lot more 
effort than one would expect, and having a non-techie person trying to 
remove it is a real pain.  If you can ssh into her computer, then you 
can probably clean it off in no time.  But if it is going to be up to 
her to do it, her best bet would be to do a fresh reinstall (making sure 
she updated her computer).

I would treat her request, and the request from Road Runner as being valid.

     - Tim Young

On 5/11/2010 7:05 PM, David McGlone wrote:
> Hi all, About a year ago I installed Kubuntu on my sister's computer. Today she
> sent me this.....
>   (snip)
>    
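
The header check Tim describes, as an added example that is not part of the original message: it pulls the sending machine's public IP out of a message's Received headers and, going one step beyond the post, builds the reversed-octet name that DNS blacklists are conventionally queried with. The sample message is constructed (documentation-range addresses), the zone `dnsbl.example` is a placeholder, and Received lines added before the first server you trust can be forged.

```python
import email
import ipaddress
import re

# Constructed sample message; all addresses come from documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Tue, 11 May 2010 19:05:10 -0500
Received: from smtp.example.com (smtp.example.com [203.0.113.25])
\tby mx.example.net with ESMTP; Tue, 11 May 2010 19:05:08 -0500
Received: from [192.168.1.20] (cpe.example.com [203.0.113.77])
\tby smtp.example.com with ESMTPSA; Tue, 11 May 2010 19:05:05 -0500
From: sender@example.com
Subject: test

body
"""

# LAN, loopback and link-local ranges can never appear on a blacklist.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_V4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin_ip(raw_message):
    """Return the first routable IPv4 in the oldest Received header that has one."""
    hops = email.message_from_string(raw_message).get_all("Received") or []
    for hop in reversed(hops):  # each relay prepends, so the last header is the oldest
        for text in BRACKETED_V4.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. [999.1.1.1] in a malformed header
                continue
            if not any(ip in net for net in NON_ROUTABLE):
                return ip
    return None

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

if __name__ == "__main__":
    ip = origin_ip(SAMPLE)
    print(ip, dnsbl_name(ip, "dnsbl.example"))
```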



