Hi Dave-
One possibility:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.s.html
This one opens port 3388 and allows the machine to be controlled via that
port. Presumably, such control could extend to sending emails. There isn't
anything in the description that describes the 4000 emails when you start
SMTP, but once someone is in your server, they can pretty much do what they
like.
So it doesn't sound like exactly what you're experiencing, but maybe it's a
variant, or at least a good lead. Good luck!
-Dave Doherty
Skywaeves, Inc.
----- Original Message -----
From: "groups" <[EMAIL PROTECTED]>
To: <[email protected]>; <[email protected]>
Sent: Monday, February 06, 2006 9:27 AM
Subject: [IMail Forum] URGENT/CRITICAL: Virus opening port 3388
Got a virus on a mail server killing me here.
AVG and Fprot can not find it.
It sends 4k emails as soon as the SMTP service is started on the mail
server.
Blocking port 3388 seems to reduce the amount, but doesn't nail is.
Any ideas, help, URLS is MUCH appreciated.
Dave
-----------------------------------
|Beach Computers |
|Affordable Hosting Solutions |
|http://www.beachcomp.com |
===================================
|Cheap Domain Warehouse |
|Get Your Own Dot! |
|http://www.cheapdomainwarehouse.com|
----------------------------------
------------------------------------
Disclaimer and confidentiality note:
The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records
can be corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been maintained or that it is free of errors, virus, interception or
interference.
________________________________________________________________
This message was sent via the free WebMail system at beachcomp.com.
beachcomp.com is hosted on a Beach Computers web hosting mail server.
Beach Computers web hosting does not condone unsolicited messages.
Please visit http://www.beachcomp.com/TOS.asp for details.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
