>The last 4 days we've seen something but I don't know what it is.

Have the infected machines run AV scanner and also SpyBot.

>Has anyone else encountered this and know what it is?
>
>Thousands of emails going out to aol.com addresses, hundreds more in the
>queue. I'm really, really annoyed by this and the last one I just kinda
>almost lost it on the customer for being so f'ing clueless.
>
>really really ticked

They probably don't have their machines patched, are not running any kind of host firewall like ZoneAlarm or BlackIce, nor AV, and/or clicked on an executable. Boom.

My ZoneAlarm log stats going back through last Saturday, showing blocks:

C:\>egrep -c "TCP " "C:\WINNT\Internet Logs\ZALog.txt"
1781

C:\>egrep -c "ICMP " "C:\WINNT\Internet Logs\ZALog.txt"
38059

ICMP is pings to port:0 (they get no response, stealth mode), and the TCP are probes to :135, :139, :1433, :445, :17300, :80, etc, etc.

Apart from the spam problem, it's a very nasty place out there.

Len
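Added example, not part of the original message: a per-port and per-source breakdown of inbound blocks, going one step beyond the two egrep counts above. The comma-separated field layout (event, date, time, source, destination, protocol detail) is an assumption about ZALog.txt, and the sample lines are constructed with documentation addresses.

```python
from collections import Counter

# Constructed sample in the assumed ZALog.txt layout:
# event,date,time,source ip:port,destination ip:port,protocol detail
SAMPLE_LOG = """\
FWIN,2004/02/07,09:12:44 -5:00 GMT,203.0.113.7:3012,192.0.2.10:135,TCP (flags:S)
FWIN,2004/02/07,09:12:51 -5:00 GMT,203.0.113.7:3013,192.0.2.10:445,TCP (flags:S)
FWIN,2004/02/07,09:13:02 -5:00 GMT,198.51.100.23:0,192.0.2.10:0,ICMP (type:8/subtype:0)
FWIN,2004/02/08,01:40:19 -5:00 GMT,198.51.100.99:4410,192.0.2.10:135,TCP (flags:S)
FWIN,2004/02/08,01:41:00 -5:00 GMT,198.51.100.99:1029,192.0.2.10:1433,TCP (flags:S)
FWOUT,2004/02/08,02:00:00 -5:00 GMT,192.0.2.10:1050,203.0.113.80:80,TCP (flags:S)
PE,2004/02/08,02:05:10 -5:00 GMT,Example App,203.0.113.80:80,N/A
FWIN,2004/02/08,02:06:00
"""

def summarize_blocks(text):
    """Tally inbound blocks by protocol, destination port and source address."""
    by_proto, by_port, by_source = Counter(), Counter(), Counter()
    skipped = 0
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] != "FWIN":          # ignore outbound and program entries
            continue
        if len(fields) < 6:              # truncated or corrupt inbound entry
            skipped += 1
            continue
        src_ip = fields[3].rpartition(":")[0]
        dst_port = fields[4].rpartition(":")[2]
        proto = fields[5].split(" ", 1)[0]
        if not src_ip or not dst_port.isdigit():
            skipped += 1
            continue
        by_proto[proto] += 1
        by_source[src_ip] += 1
        if proto in ("TCP", "UDP"):      # ICMP is logged with port 0
            by_port[int(dst_port)] += 1
    return {"protocols": by_proto, "ports": by_port,
            "sources": by_source, "skipped": skipped}

if __name__ == "__main__":
    summary = summarize_blocks(SAMPLE_LOG)
    print("by protocol:", dict(summary["protocols"]))
    for port, hits in summary["ports"].most_common():
        print(f"  port {port}: {hits} blocked")
    for src, hits in summary["sources"].most_common(3):
        print(f"  source {src}: {hits} blocked")
    print("unparsed inbound lines:", summary["skipped"])
```

To run it against a real log, pass the file's contents to summarize_blocks() in place of SAMPLE_LOG.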
