Dr. Axel Krebs
----- Original Message -----
From: "Dr. Axel Krebs" <Axel.Krebs@T-Online.de>
To: <suse-security@suse.com>
Sent: Saturday, May 14, 2005 12:40 AM
Subject: [suse-security] cracked system?
Hi!
I am a "newbie", using SuSE 9.1.
So am I!
DSL from T-Online. Ximian Evolution 1.4.6.
In the last weeks, I have been experiencing mails from unknown people to my email addresses. Sometimes two or three mails within a few seconds. These are accounts with T-Online, Ginko, Web.de. It looks as if "they" knew all my email addresses.
I've read on the ClamAV mailing list that it might be Sober.P. So instead of virus spewing zombies, the infected PCs are now probably spam spewing zombies, or waiting for something to turn them into spam zombies. That might be the wrong list. I'm in about 9 mailing lists. Please don't quote me.
I'm asking myself if there is a general(?) procedure for how to get rid of these potential parasites?
This scheme should follow these steps:
- analyse
- evaluation
- proof of solution
Try chkrootkit and rkhunter. Tripwire is the best for evaluation. A snapshot. If all else fails... reinstall or take a wooden baseball bat to the monitor.
QUESTIONS:
1.) Is there a (simple?) way to decipher...
1.a) who is doing what on my system,
1.b) how do they get there
ANSWERS:
1.) ethereal
1.a) type w at the command line
1.b) You let them in. Clickin' on links or trojan programs. Monitor your internet facing firewall. Deny all, then poke pin-holes.
2.) Does anybody know how I can "clean" my system, in the ideal case without changing email addresses (printed on business cards)?
Thereby, I mean: how can I reject unwanted mail?
Why reject? That means your email is active to spammers. Try SpamAssassin.
A simple "How-To", Tutorial or so preferable.
3.) For the future, I would like to prevent those trash mails from re-establishing themselves: how can I prevent unknown people from using "my address"?
Get a spam account like mine for the internet and keep your private email address for business only.
3.a) My fear is that my email addresses "travel" uncontrolled. Is there a way to control this? (I know, this seems to be naive)
Look into PGP (Pretty Good Privacy) or GnuPG. Sign or encrypt your emails.
3.b) How can I reject unwanted mail?
3.c) Do I need to create a positive list, following the thought: who may send me an email (filtering)?
A simple "How-To", Tutorial or so preferable for the above mentioned questions.
Thank you for all useful hints!
(P.S.: as I said: I am newbie)
Again, me too. I'm not tryin' to flame, just answering your e-mail. This is how *we* do it on the west side of the pond.
Krack
-- Dr. Axel Krebs <Axel.Krebs@T-Online.de>