you *should* be able to do a virus scan of your network and identify the culprit.

Shauna Hensala




> From: [email protected]
> To: [email protected]
> Subject: RE: Torpig/Anserin/Mebroot infection
> Date: Mon, 3 Oct 2011 14:58:42 -0400
> 
> I did not receive notification from my ISP. I found out about it when I was
> corresponding with someone from work on my personal email address and the
> email kept getting held. I looked at *why* it was being held and the info
> was that it was being held by the CBL.ABUSEAT.ORG block list. They in turn
> told me that the external IP of our firewall was listed due to the
> Torpig/Anserin/Mebroot traffic. *shrug*
> 
> I'm looking at probably 2-3 dozen computers total in one location.
> 
> 
> 
> From: Shauna Hensala [mailto:[email protected]] 
> Sent: Monday, October 03, 2011 1:53 PM
> To: NT System Admin Issues
> Subject: RE: Torpig/Anserin/Mebroot infection
> 
> How many machines are we talking about here?  All local or some in remote
> locations?  The ISP did not provide the IP of the device that was
> misbehaving?
> 
> 
> Shauna Hensala
> 
> 
> 
> ________________________________________
> From: [email protected]
> To: [email protected]
> Subject: Torpig/Anserin/Mebroot infection
> Date: Mon, 3 Oct 2011 13:22:56 -0400
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can’t figure out how to configure it to
> forward the log files to my system.
>  
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn’t able to find instructions that made sense to
> me.
>  
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
                                          