Getting smashed by Spambot

Discussion in 'Malware Help (A Specialist Will Reply)' started by xsesiv, Jul 28, 2009.

  1. xsesiv

    xsesiv Private E-2

    Hi All,

    For the past two days we have been smashed by some malware internally and keep getting failure-to-deliver messages back from Exchange where the receiver is checking us against CBL lists and SpamHaus.

    e.g. #550 5.7.1 xxx.xxx.xxx.xxx has been blocked by Spam Haus ##

    When I go to the CBL list and look at the message, I am being advised of the following:

    It has been relisted following a previous removal at 2009-07-28 00:24 GMT

    ATTENTION: At the time of detection, this IP was infected with, or NATting for a computer infected with a high volume spam sending trojan - it is participating or facilitating a botnet sending spam or spreading virus/spam trojans.

    ATTENTION: If you simply repeatedly remove this IP address from the CBL without correcting the problem, the CBL WILL eventually stop letting you delist it and you will have to contact us directly.

    This is the gheg spamBOT


    I am waiting on access to the firewall to block outbound port 25 except from the mail server, but short of this it is driving me mental. Any thoughts on a good tool I can run en masse to detect and remove this, or to look for an alternative cause? I have researched and researched the web, but the most I am getting is to try MS's Malicious Software Removal Tool, and this keeps drawing a blank.

    I delisted today and got re-listed 8 hours later. The company has a host of servers and a number of PCs and laptops.

    Signed
    Mildly Frustrated
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The only thing we can recommend is that you either run complete malware cleaning procedures on all clients and servers, or set up some way to capture packets so that you can try to locate the offending PCs by disconnecting all devices from the network and slowly adding them back one at a time. Each time you find one that is spamming, remove it from the network, clean it, and install ALL software updates, especially Windows updates, before reconnecting.

    Our malware cleaning procedures (see below) are posted in the stickies and were sent to you in the email you received when you signed up for an account:

    READ & RUN ME FIRST. Malware Removal Guide
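A worked example, added here as an illustration and not code from either poster or from MajorGeeks: the packet-capture approach above turned into a small script that reads tcpdump -nn output and lists the internal hosts (other than the legitimate mail server) that open SMTP sessions to many distinct outside addresses. A spam trojan talks to many MX hosts directly; a workstation that relays through Exchange never touches port 25 on the Internet at all. The mail server address 192.168.1.10, the internal range 192.168.0.0/16, the threshold of five distinct targets, and the capture lines in SAMPLE_CAPTURE are all assumed for the example.

```python
"""Locate internal hosts spraying outbound SMTP from a tcpdump text capture.

Added example, not from the thread. Assumes tcpdump -nn line format, a
hypothetical mail server and internal range, and a constructed sample capture.
"""
import ipaddress
import re
from collections import defaultdict

# Hypothetical values chosen for this example.
MAIL_SERVER = "192.168.1.10"                        # the only host allowed to send SMTP out
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
SYN_THRESHOLD = 5                                   # distinct external MX targets before a host is flagged

# tcpdump -nn prints: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def parse_syns(lines):
    """Yield (src, dst) for every pure SYN from an internal host to TCP/25 outside."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # "[S]" is a connection attempt; "[S.]" is the SYN-ACK coming back, skip it.
        if m["dport"] != "25" or "S" not in m["flags"] or "." in m["flags"]:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            yield str(src), str(dst)


def find_spam_hosts(lines, mail_server=MAIL_SERVER, threshold=SYN_THRESHOLD):
    """Return {internal_ip: number_of_distinct_external_targets} for every host
    other than the mail server that tried SMTP to at least `threshold` destinations."""
    targets = defaultdict(set)
    for src, dst in parse_syns(lines):
        targets[src].add(dst)
    return {
        src: len(dsts)
        for src, dsts in targets.items()
        if src != mail_server and len(dsts) >= threshold
    }


# Constructed sample capture (RFC 5737 documentation addresses for the outside world).
# 192.168.1.10 is the mail server, 192.168.1.57 behaves like a spam bot,
# 192.168.2.14 makes one SMTP connection and one HTTPS connection.
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 192.168.1.10.50001 > 203.0.113.5.25: Flags [S], seq 1, win 8192, length 0
10:00:01.000200 IP 203.0.113.5.25 > 192.168.1.10.50001: Flags [S.], seq 2, ack 2, win 65535, length 0
10:00:01.100000 IP 192.168.1.10.50002 > 198.51.100.9.25: Flags [S], seq 3, win 8192, length 0
10:00:02.000000 IP 192.168.1.57.49211 > 203.0.113.21.25: Flags [S], seq 4, win 8192, length 0
10:00:02.010000 IP 192.168.1.57.49212 > 203.0.113.22.25: Flags [S], seq 5, win 8192, length 0
10:00:02.020000 IP 192.168.1.57.49213 > 198.51.100.31.25: Flags [S], seq 6, win 8192, length 0
10:00:02.030000 IP 192.168.1.57.49214 > 198.51.100.32.25: Flags [S], seq 7, win 8192, length 0
10:00:02.040000 IP 192.168.1.57.49215 > 198.51.100.33.25: Flags [S], seq 8, win 8192, length 0
10:00:02.050000 IP 192.168.1.57.49216 > 203.0.113.40.25: Flags [S], seq 9, win 8192, length 0
10:00:02.060000 IP 192.168.1.57.49217 > 203.0.113.40.25: Flags [S], seq 10, win 8192, length 0
10:00:03.000000 IP 192.168.2.14.51000 > 203.0.113.77.25: Flags [S], seq 11, win 8192, length 0
10:00:03.500000 IP 192.168.2.14.51001 > 203.0.113.80.443: Flags [S], seq 12, win 8192, length 0
"""

if __name__ == "__main__":
    for host, count in sorted(find_spam_hosts(SAMPLE_CAPTURE.splitlines()).items()):
        print(f"{host}: SMTP to {count} distinct external hosts, not the mail server")
```

To feed it real data, capture on the gateway or a SPAN port with `tcpdump -nn 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst port 25'` and pipe the text in; lower the threshold if the bot throttles itself. Once the firewall rule the original poster is waiting for is in place (deny outbound TCP/25 from everything except the mail server, with logging on the deny rule), the firewall's own deny log gives the same list without any capture, and the CBL listings stop even before every infected machine is found.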
     
