SpamBot Virus?
George Richardson:
This has no place on a Weather WebSite, but if I don't get it fixed the boss won't let me play!
While I can't prove it, I expect the boss downloaded some crap installing a very bad spamBot (Cutwail spamBOT) on her computer and thus the network. We have been Black Listed by spamhaus.org (138.210.10.240)
None of my computers show any infection with Norton or Malwarebytes but we must be.
The reason for this post: does anyone know how to block outgoing mail on Port 25 on a Linksys WRT54G router? Some things I have read say this will solve the problem.
Any help will be greatly appreciated.
George
ncpilot:
Darn, no responses yet?
Earlier today I looked at the manual for the router on-line, and it's kinda tough to see how to block the port without hands-on. I've got a Dlink, but have worked on Linksys routers--I find the Linksys interface to be really hard to use compared to the Dlink.
If you block port 25, I think that will knock out your email completely. I read that there may be ways to only allow certain programs to use the port, but didn't really see a good set of instructions.
I also found suggestions that Microsoft's malware remover (the one they make available with auto updates) might get rid of that bot...
George Richardson:
Marc,
I've done something and been "delisted" but I'm not sure it's because I've gotten it solved or just because her computer has been shut down.
Got a ShinDig today so will be out. If I'm still good when I get home tonight I'll let you know how and what.
If anyone else KNOWS what I should do, don't be shy!
Thanks
George
W Thomas:
I have been in similar situations where I had to change the submission port in my individual email clients. Back when I had Comcast they decided I was a spammer because I moved a lot of data in a day's time. I told them the reasoning behind that but they still considered me a spammer.
I changed the mail submission port from the standard 25 to port 26 I believe. In Thunderbird depending on the mail server you may get a Security Mismatch pop up but it's easily gotten through. I would think that if you block network traffic on port 25 you would totally alter your email availability.
No matter how much protection you have there is still no better preventative than "Sensible Browsing" and if it's like my work place you have a full time job just getting that through to the users! About once a month I have a cleaning and inoculation of several computers in the building! I feel like the Department of Health sometimes.
Good Luck
George Richardson:
I hate to type, but here goes. The Boss must have picked up a spamBot virus. Her computer apparently was sending spam crap all over the world. We have Norton antivirus on all 5 of our networked computers. A virus called cutwail spamBot somehow got through our protection. We discovered this when spamhaus.org blacklisted our IP. We read all (most) of their How to get rid of the problem information. We ran Norton full system scan, Microsoft Malicious Software Removal Tool, and Malwarebytes' Anti-Malware on all 5 computers. Nothing showed up so we requested to be de Blacklisted. 30 minutes later we were off the BL! 3 hours later we were back on. Seems none of our anti virus scans found the cutwail. What to do?
Spamhaus.org's Composite Blocking List says "If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent outbound port 25 connections to the Internet except from your real mail servers. Please see our recommendations on NAT firewalls" Everything says block OUTBOUND port 25 but nothing says how. I run a Linksys WRT54G wireless router and this is how I THINK I did it.
Use your browser to log into your router. Tab to Access Restrictions. In the Blocked Services section there are 2 drop down menus with "None" in them. In the top menu select SMTP and port 25 will default. Get out and we were good (So Far!) At this point I Hope this blocked outgoing port 25!
To Summarize:
1) Even with antivirus software you can get infected.
2) We did not know our situation until we were prevented from sending email (Black Listed) by somebody known as spamhaus.org!
3) To clean up the mess can be a BITCH!
I truly hope this doesn't help any of you, that is, I hope you don't get into this mess.
George
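An added example, not part of the original thread: since the scans in this thread found nothing, one way to locate the infected machine is to count, per LAN host, how many distinct outside servers it contacts on TCP port 25, leaving out any "real mail servers" as the CBL guidance quoted above allows. The log format, the LAN range and every address below are constructed assumptions, not the WRT54G's actual log output.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of an outbound connection log. Hypothetical format:
# time, LAN source IP, destination IP, destination port.
SAMPLE_LOG = """\
09:00:01 192.168.1.101 203.0.113.25 25
09:00:01 192.168.1.101 198.51.100.7 25
09:00:02 192.168.1.101 198.51.100.90 25
09:00:02 192.168.1.102 203.0.113.80 443
09:00:03 192.168.1.103 192.0.2.10 25
09:00:04 192.168.1.101 203.0.113.77 25
09:00:05 192.168.1.104 192.0.2.10 587
garbled line that should be ignored
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range


def smtp_talkers(log_text, mail_servers=frozenset()):
    """Return [(lan_ip, distinct_port25_destinations)], busiest host first.

    mail_servers: LAN hosts that are legitimate mail servers and are
    therefore allowed to make outbound port 25 connections.
    """
    dests = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines
        _, src, dst, port = parts
        try:
            if ipaddress.ip_address(src) not in LAN:
                continue
            ipaddress.ip_address(dst)  # validate destination address
        except ValueError:
            continue
        if int(port) == 25 and src not in mail_servers:
            dests[src].add(dst)
    # A workstation normally talks to one mail relay; a spambot delivers
    # directly to many different servers, so it rises to the top.
    return sorted(((ip, len(d)) for ip, d in dests.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, count in smtp_talkers(SAMPLE_LOG):
        print(f"{ip}: {count} distinct port 25 destinations")
```

Any host that still appears in this list after the router's SMTP block is in place is one whose traffic the block is not covering.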