Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line and now get increased spam from those types of business. I inquired about credit card fraud and get spam.

Could this mean there is some kind of binary running in my system which sends information about my activities? I've heard about something called spyware.

I believe my system has some kind of suse 8.2 supplied software firewall but don't know where or how to configure it.

How would I find and remove any such unwanted intruder?
It's quite possible that some of the online sites that you have visited have on-sold your email address to a spammer's list. All it takes is one "bad-egg" and they have your address. Alternatively it may not have been your system that was compromised but one of the sites you visited that has your details. There was even a case years ago where a commercial website had been set up so badly that Google or some other search engine harvested people's credit card details!!

I don't know if there is any Linux "Spyware" in existence but I could be wrong. Maybe if it's written in Java! As for finding and removing someone who has hacked your Linux box through an open service .... there are whole entire books on that subject :(

Yep there is a SuSE firewall that you can turn on in Yast, if you have the correct packages installed. The packages are probably called SuSEFirewall2 and yast2-firewall. Once they're installed you can go into Yast2 and you can turn it on under "Security and Users > Firewall".

You can also run the command "rpm -Va | sort" to verify the integrity of your installed packages (look for binary entries with a "5" in the first field as this means the program's checksum has changed since it was installed), though there's the chance a skilled attacker could have re-written the checksums. That command might produce a lot of other output so you'll have to sift through it and some of it could be bona-fide changes. If you do find any suspicious entries you can re-install the rpm.

Keeping your system fully patched and turning on firewalling is normally a good defense. My guess is though that people probably got your address from those sites you visited. You never can be too safe though!
-----Original Message-----
From: Martin [mailto:martin@martinpower.com]
Sent: Tuesday, 30 November 2004 3:18 p.m.
To: suse-security@suse.com
Subject: [suse-security] intruder in home system 8.2 prof
Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line and now get increased spam from those types of business. I inquired about credit card fraud and get spam.
Could this mean there is some kind of binary running in my system which sends information about my activities? I've heard about something called spyware.
I believe my system has some kind of suse 8.2 supplied software firewall but don't know where or how to configure it.
How would I find and remove any such unwanted intruder?
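The `rpm -Va` check described in the reply above, as an added example that is not part of the original thread: it filters the verify output down to programs and libraries whose checksum flag ("5") is set or which are missing. The function names and the sample output are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output for changed executables and libraries.

# Constructed sample of `rpm -Va` output (not taken from a real system).
sample_rpm_va() {
cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
.......T   /usr/share/doc/packages/bash/README
S.5....T   /bin/ls
..5....T   /usr/sbin/sshd
.M......   /usr/bin/passwd
missing    /usr/lib/libexample.so.1
S.5....T d /usr/share/man/man1/ls.1.gz
EOF
}

# Reads `rpm -Va` output on stdin. Prints "DIGEST <path>" for files whose
# checksum changed and "MISSING <path>" for absent files, limited to program
# and library directories. Entries marked c (config), d (doc), g (ghost),
# l (license) or r (readme) are skipped: they often change legitimately.
# Mode-only or timestamp-only changes are not reported.
suspicious_changes() {
    awk '
        $1 == "missing" { path = $NF; kind = "MISSING" }
        $1 != "missing" {
            if (substr($1, 3, 1) != "5") next      # 3rd flag = digest mismatch
            if (NF == 3 && $2 ~ /^[cdglr]$/) next   # attribute marker present
            path = $NF; kind = "DIGEST"
        }
        path ~ "^(/usr)?(/local)?/(s?bin|lib(64)?)/" { print kind, path }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real system use:
#   rpm -Va | suspicious_changes
sample_rpm_va | suspicious_changes
```

A clean result only means the files match the checksums in the local RPM database, which, as the reply notes, a skilled attacker could have rewritten.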
On Monday 29 November 2004 05:17 pm, Martin wrote:
> Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line

So YOU'RE the one!!!
You buy from spammers you reap what you sow.

--
_____________________________________
John Andersen
On 11/30/04 3:10 AM, "John Andersen"
> On Monday 29 November 2004 05:17 pm, Martin wrote:
>> Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line
> So YOU'RE the one!!!
> You buy from spammers you reap what you sow.

I agree! You buying from them just proves junk mail works for them. So, it's ALL your fault! Hey guys, let's get him!!! ;)

--
Thanks, George
"The only secure Microsoft software is what's still shrink-wrapped in their warehouse..." (Forno)
On Mon, Nov 29, 2004 at 09:17:51PM -0500, Martin wrote:
> Recently I notice a large increase in spam related to recent transactions I've made. I ordered pharmaceuticals on line and now get increased spam from those types of business.

Given that almost all suppliers of pharmaceuticals online market by means of Unsolicited Bulk Email abuse, it is highly likely that the entity with whom you have apparently done business has added your email address to every mailing list that they run, and has also sold, swapped or otherwise traded your email address with every other unscrupulous bulk emailer that they have a business relationship with.

--
Anthony Edwards
anthony.edwards@uk.easynet.net
Thanks Mike and GarUlbricht for valuable help. There was no way to know at the time I ordered (a stomach medicine no longer available here in USA) from an Australian company that they might be involved in spamming. Thanks to you for enlightening me.

I'm pretty sure my 8.2 system has firewall running. YaST says yes. I will now try to figure out what it does and how to tweak it. (which files, sources, logs, libs bins? where are they) It seems to be completely passive to the user.

Thanks to most list readers, who having nothing to contribute, have the good sense to remain silent. To others: 'tis better to remain silent and be thought a fool than to speak and remove all doubt.
The Wednesday 2004-12-01 at 10:59 -0500, Martin wrote:
> I'm pretty sure my 8.2 system has firewall running. YaST says yes. I will now try to figure out what it does and how to tweak it. (which files, sources, logs, libs bins? where are they) It seems to be completely passive to the user.
If Yast says you do have the firewall, just use yast to configure it. It is pretty simple. Just leave everything closed (which is the default, I think).

Don't forget to keep your security patches up to date (use YOU).

Finally, for spam, I would recommend using SpamAssassin (it is included with SuSE) - ask in the standard list for help if needed; but first, search the archive, it has been asked thousands of times.

Finally, read the SuSE manual book (paper preferable, but electronic otherwise), most of these things are explained there.

--
Cheers,
Carlos Robinson
participants (6)
- Anthony Edwards
- Carlos E. R.
- george
- John Andersen
- Martin
- Mike Tierney