One of my company computers has been infected with this trojan. This is very troublesome indeed.

Symptoms:

Your email did not go through and it has been rejected by your customers with spam filters.
From firewall logs, there are many outbound connections using SMTP port 25.

Win32/Cutwail.B [Computer Associates], Win32/Cutwail.C [Computer Associates], Win32/Cutwail.M [Computer Associates], W32/Agent.BOY [F-Secure], Troj/Pushdo-B [Sophos]

Source: Symantec

I did check with cbl.abuseat.org and saw my IP address has been detected with the Cutwail spambot. From the cbl.abuseat.org detailed explanation, I have to clean my network before requesting de-listing, to prevent it from re-appearing on the list. Too many requests for de-listing will get me blocked from requesting again in future.

Solutions:
I have not found any symptoms from the firewall logs. The computer probably is turned off.

I will continue monitoring for a few days.

Two days later, I found out that one computer is sending a lot of email. From the log, I think there are at least 10 emails per second. I blocked the SMTP outbound port 25 right away while asking the local IT support to fix the computer.

Appreciate if you have other solutions to this problem.
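The firewall-log symptom described in this post (a workstation opening many outbound port 25 connections) can be checked for automatically. The following is an added example, not part of the original post: the log line format, the LAN range, the approved mail server address, the thresholds and the sample data are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed line format (constructed here): <ISO time> <action> TCP <src>:<port> -> <dst>:<port>
LINE_RE = re.compile(r"^(\S+) \w+ TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
LAN = ip_network("192.168.1.0/24")   # assumption: internal address range
MAIL_SERVERS = {"192.168.1.10"}      # assumption: only host allowed to send SMTP

def find_smtp_senders(lines, window=timedelta(seconds=10), threshold=20):
    """Map each unapproved LAN host to (peak port-25 connections in any
    `window`, distinct destinations) when that peak reaches `threshold`."""
    events = defaultdict(list)       # src -> [(time, dst), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m[4] != "25":
            continue                 # malformed line or not SMTP
        try:
            src, dst = ip_address(m[2]), ip_address(m[3])
            when = datetime.fromisoformat(m[1])
        except ValueError:
            continue                 # invalid IP address or timestamp
        if src in LAN and dst not in LAN and str(src) not in MAIL_SERVERS:
            events[str(src)].append((when, str(dst)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak = start = 0
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while evs[end][0] - evs[start][0] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = (peak, len({dst for _, dst in evs}))
    return flagged

def sample_log():
    """Constructed sample: a workstation opening 10 SMTP connections per second."""
    bot = [f"2024-01-01T09:00:{s:02d} ALLOW TCP 192.168.1.23:40000 -> 203.0.113.{10 * s + i + 1}:25"
           for s in range(3) for i in range(10)]
    relay = [f"2024-01-01T09:00:0{i} ALLOW TCP 192.168.1.10:50000 -> 198.51.100.7:25"
             for i in range(5)]      # approved mail server, must not be flagged
    other = ["2024-01-01T09:00:02 ALLOW TCP 192.168.1.40:51001 -> 198.51.100.7:25",
             "not a firewall line"]
    return bot + relay + other

if __name__ == "__main__":
    print(find_smtp_senders(sample_log()))
```

A host reported here is a candidate for isolation and cleaning before any de-listing request; the approved mail server is deliberately excluded so that normal relay traffic does not hide the workstation.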
