> One of our support technician's machines is attempting to connect to
random IP addresses on port 25 - in
> a pretty needy fashion. He says he's scanned the box with the latest

updates from McAffee and it hasn't
> found anything.
> We discovered it because one of my basic (meaning I got it off the
> 'Net) rules for SEC flagged it as a possible PHEL trojan.
> Any thoughts?

I think your technician needs to try booting from trusted media and using
more than one type of scanner. The only time we've ever had outbound SMTP
sweeps from a Windows workstation it was botted.


firewall-wizards mailing list