It's quite possible that some of the online sites that you have visited have on-sold your email address to a spammers lists. All it takes is one "bad-egg" and they have your address. Alternatively it may not have been your system that was compromised but one of the sites you visited that has your details. There was even a case years ago where a commerical website was been setup so badly that Google or some other search engine harvested peoples credit card details!! I don't know if there is any Linux "Spyware" in existance but I could be wrong. Maybe if it's written in Java! As for finding and removing someone who has hacked your Linux box through an open service .... there's whole entire books on that subject :( Yep there is a SuSE firewall that you can turn in Yast, if you have the correct packages installed. The packages are probably called SuSEFirewall2 and yast2-firewall. Once they're installed you can go into Yast2 and you can turn it on under "Security and Users > Firewall". You can also run the command "rpm -Va | sort" to verify the integrity of your installed pakages (look for binary entries with a "5" in the first field as this means the programs checksum has changed since it was installed), though there's the chance a skilled attacker could have re-written the checksums. That command might produce a lot of other output so you'll have to sift through it and some of it could be bona-fide changes. If you do find any suspicious entries you can re-install the rpm. Keeping your system fully patched and turning on firewalling is normally a good defense. My guess is though that people probably got your address from those sites your visisted. You never can be too safe though!

-----Original Message----- From: Martin [mailto:martin@martinpower.com] Sent: Tuesday, 30 November 2004 3:18 p.m. To: suse-security@suse.com Subject: [suse-security] intruder in home system 8.2 prof

Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line and now get increased spam from thos type of business. I inquired about credit card fraud and get spam.

Could this mean there is some kind of binary running in my system which sends information about my activities. I've heard about something called spyware.

I believe my system has some kind of suse 8.2 supplied software firewall but don't know where or how to configure it.

How would I find and remove any such unwanted intruder?

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Thanks Mike and GarUlbricht for valuable help. There was no way to know at the time I ordered. (a stomach medicine no longer available here in USA) from an Australian company that they might be involved in spamming. Thanks to you for enlightning me. I'm pretty sure my 8.2 system has firewall running. YaST says yes. I will now try to figure out what it does and how to tweak it. (which files, sources, logs, libs bins? where are they) It seems to be completely passive to the user. Thanks to most list readers, who having nothing to contribute, have the good sense to remain silent, To others: 'tis better to remain silent and be thought a fool than to speak and remove all doubt.