Torpig detection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Midamaru, May 1, 2013.

  1. Midamaru

    Midamaru Private E-2

    Hello people of majorgeeks,

    I have trouble detecting a botnet called Torpig.
    I've received an email (Verified) that my mail server has been blacklisted for spam.
    The mail server was completely scanned for malware and rootkits; nothing was found. The next possibility is that there is an infected workstation in my domain that causes the spamming. Strangely, in the mail server logs there is no report of any strange mail behaviour, but as I've read, the spam won't appear in the mail server's logs because it uses its own client to mail directly to its destination. Also, I've tried to look through my firewall traffic and couldn't find any of the known IPs or strange addresses that Torpig uses. Torpig might use DNS fluxing, which makes it even harder to detect.

    Question: How do I find the infected computer in my domain/network?

    Regards,

    Alex van Velsen
    IT Student
     
    Last edited by a moderator: May 6, 2013
  2. Midamaru

    Midamaru Private E-2

    Bump, Please help!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    This cost you at least another day. You should have read the sticky/pinned threads, like >> Forum Rules and Guidelines - Do not post HijackThis logs. See # 6 in this link.

    Finding one computer, on a network of many, that is spamming requires either trial and error or it requires hooking up a sniffer on your network so that you can find the MAC address of the problem. You can use a tool like the below to help in this regard:

    Wireshark

    This is just one such tool, but probably one of the most powerful. Using it may be a problem for you though, unless you understand networking and tools like this. Providing support on using a tool like this is outside the scope of the Malware Removal forum. Normally businesses have network admins to help them with things like this.

    There are quite a few other networking tools that may be helpful. See the below link:

    http://www.majorgeeks.com/downloads39.html
     
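    chaslang's pointer to a sniffer can be turned into a routine check: the behaviour Alex describes (a workstation mailing destinations directly instead of through the mail server) shows up as outbound TCP/25 connections from a host that is not the mail server. This is an added example, not code from the thread or from Wireshark; the simplified firewall log format, network ranges, addresses and MACs below are all constructed assumptions.

```python
# Flag internal hosts that open SMTP connections to the outside world directly,
# bypassing the site's mail server. Added example; log format is an assumption:
#   <timestamp> <src_ip> <src_mac> <dst_ip> <dst_port> <proto>
import ipaddress
from collections import defaultdict

# Constructed sample log (not real traffic). Internal LAN is 192.168.10.0/24,
# the only legitimate mail server is 192.168.10.5.
SAMPLE_LOG = """\
2013-05-01T10:00:01 192.168.10.5 00:11:22:33:44:55 203.0.113.25 25 tcp
2013-05-01T10:00:02 192.168.10.42 aa:bb:cc:dd:ee:01 198.51.100.7 25 tcp
2013-05-01T10:00:02 192.168.10.42 aa:bb:cc:dd:ee:01 198.51.100.8 25 tcp
2013-05-01T10:00:03 192.168.10.17 aa:bb:cc:dd:ee:02 203.0.113.80 443 tcp
2013-05-01T10:00:04 192.168.10.42 aa:bb:cc:dd:ee:01 192.0.2.33 25 tcp
2013-05-01T10:00:05 192.168.10.17 aa:bb:cc:dd:ee:02 192.168.10.5 25 tcp
2013-05-01T10:00:06 192.168.10.42 aa:bb:cc:dd:ee:01 192.0.2.34 25 tcp
"""

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
MAIL_SERVERS = {ipaddress.ip_address("192.168.10.5")}
SMTP_PORTS = {25, 465, 587}  # direct delivery uses 25; submission ports added for coverage

def parse_line(line):
    """Split one log line into a record, or return None for a malformed line."""
    fields = line.split()
    if len(fields) != 6:
        return None
    ts, src, mac, dst, port, proto = fields
    return {"ts": ts, "src": ipaddress.ip_address(src), "mac": mac,
            "dst": ipaddress.ip_address(dst), "port": int(port), "proto": proto}

def direct_mail_senders(log_text, threshold=2):
    """Return {src_ip: (mac, connection_count, distinct_external_destinations)}
    for internal non-mail-server hosts with at least `threshold` outbound SMTP hits."""
    hits = defaultdict(lambda: {"mac": None, "count": 0, "dsts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["port"] not in SMTP_PORTS:
            continue
        if rec["src"] not in INTERNAL_NET or rec["src"] in MAIL_SERVERS:
            continue  # the real mail server is allowed to talk SMTP outbound
        if rec["dst"] in INTERNAL_NET:
            continue  # relaying through the internal mail server is expected
        h = hits[str(rec["src"])]
        h["mac"], h["count"] = rec["mac"], h["count"] + 1
        h["dsts"].add(str(rec["dst"]))
    return {ip: (h["mac"], h["count"], len(h["dsts"]))
            for ip, h in hits.items() if h["count"] >= threshold}

if __name__ == "__main__":
    for ip, (mac, n, d) in direct_mail_senders(SAMPLE_LOG).items():
        print(f"{ip} ({mac}): {n} outbound SMTP connections to {d} distinct hosts")
```

    The MAC address in the output is what identifies the physical workstation to pull off the network; the same filter (internal source, destination port 25, destination outside the LAN) can be applied as a Wireshark display filter on a span-port capture when the firewall does not log connections.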
