SteadySystems
I was recently notified by SpamCop that one of the computers on my network is sending spam. We have about 10 computers here. I emailed him back and asked how I find the problem PC, and he said to use netstat -a, but I have no clue what I am looking for when I use that command or how to detect it. Can anyone help?
Here is the pasted conversation with SpamCop:
Spamcop: "If you watch, you'll see a machine that is behaving anomalously; it'll be sending way more packets than it needs for what it's actually supposed to be doing."
Me: "I went to one of the machines, typed netstat -a and it just says listening, established. There is no visible activity (anything moving). How do I detect?"
Original email from SpamCop:
*****************************
This IP is sending spam. Please see the partial headers I have pasted below.

If this is your IP/server, then there are several possible causes.

Your network may be infected by a virus, worm, trojan, spyware or other malware. You need to find the compromised machine, disconnect it, and disinfect it.

Your network may have an insecure server being used by spammers (often called an open relay).

Your network may have a server exploit such as an insecure cgi or PHP script.

Your network may have an open proxy, or an SMTP AUTH issue, where the spammer has cracked a name/password pair.

Be aware that some exploits and infections may install their own SMTP software and send spam without using the local mailserver. Because of the variety of ways that spammers exploit vulnerable networks, you cannot depend on your mailserver logs to determine the source of the spam.

If this IP/server belongs to your ISP/hosting company, then you must contact them for help. The people responsible for the server are the only people who can find the problem and make the spam stop.
Received: from unicomglobal.com ([71.103.246.136])
by [trap servername] with ESMTP; 06 Oct 2008 19:xx:xx -0700
Date: Mon, 6 Oct 2008 18:xx:xx -0800
From: =?koi8-r?B?IuzAxM3JzMEi?= <x@x>
Subject: =?koi8-r?B?7MDCz8UgwsXa1c3T1NfPIMnT0M/MzsXOzyDaxMXT2A==?=
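An added example, not from the original post or from SpamCop, of the check the question is asking for: a Python script that parses the output of `netstat -ano` on a Windows machine and flags any process holding SMTP connections (ports 25, 465, 587) to several non-LAN hosts at the same time, which is the "own SMTP software" pattern the SpamCop mail warns about. The sample netstat output, addresses and PIDs are constructed; run it against the real output on each of the 10 machines in turn.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# RFC 1918 ranges: a mail client talking to the LAN mail server on port 25 is normal.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `netstat -ano` sample (not real data): -n keeps addresses numeric, -o adds the PID.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       856
  TCP    192.168.1.20:49152     203.0.113.10:25        SYN_SENT        3412
  TCP    192.168.1.20:49153     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49154     198.51.100.7:25        ESTABLISHED     3412
  TCP    192.168.1.20:49155     203.0.113.44:25        SYN_SENT        3412
  TCP    192.168.1.20:49156     192.168.1.10:25        ESTABLISHED     2100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1188
"""

def parse_netstat(text):
    """Return (local, remote_host, remote_port, state, pid) tuples for each TCP line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, blank line, or UDP (no State column)
        _proto, local, remote, state, pid = parts
        host, port = remote.rsplit(":", 1)  # also splits IPv6 "[::]:445" correctly
        rows.append((local, host.strip("[]"), int(port), state, int(pid)))
    return rows

def is_lan(host):
    addr = ipaddress.ip_address(host)
    return addr.is_loopback or any(addr in net for net in LAN_NETS)

def smtp_fanout_by_pid(text):
    """Map PID -> set of Internet hosts it holds SMTP connections to (LISTENING ignored)."""
    fanout = defaultdict(set)
    for _local, host, port, state, pid in parse_netstat(text):
        if state != "LISTENING" and port in SMTP_PORTS and not is_lan(host):
            fanout[pid].add(host)
    return dict(fanout)

def suspects(text, min_hosts=2):
    """PIDs talking SMTP to at least `min_hosts` distinct Internet hosts, with their counts."""
    return sorted((p, len(h)) for p, h in smtp_fanout_by_pid(text).items() if len(h) >= min_hosts)

if __name__ == "__main__":
    print(suspects(SAMPLE_NETSTAT))  # [(3412, 3)]
```

A flagged PID can be mapped to its executable with `tasklist /FI "PID eq 3412"` on that machine; a process that is not the mail client and is connecting to many outside mail servers directly is the one to disconnect and clean.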