Being Zombified

Discussion in 'other security issues & news' started by ironiridis, Sep 11, 2006.

Thread Status:
Not open for further replies.
  1. ironiridis

    ironiridis Registered Member

    Joined:
    Sep 11, 2006
    Posts:
    2
    A server I help maintain is getting slammed with prescription drug advertisements on their public bulletin board system. They're too afraid to move on to a better system with a CAPTCHA or some other spam prevention system, so I built a small set of PHP scripts to intercept the posts before they hit the (now hidden) Perl BBS script. The scripts filter based on a set of simple words, and institute "blocks," which vary in length based on number of attempts and frequency.

    Anyway. I obviously had a lengthy list of IP addresses, and I set up one of my computers to run nmap scans against them, seeing what I would turn up. Lo and behold, one service consistently appears: tinyproxy running on TCP/53775.

    This leads me to my question. Is there a common worm or malware which installs tinyproxy on that port? I'd like to use it as leverage when negotiating with ISPs to punch their customers in the head.

    Any help or insight greatly appreciated. Thanks!
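
A sketch of the kind of pre-filter described in the post above, as an added example that is not the poster's code: a word-list check in front of the BBS script, with per-IP blocks that grow with the number and frequency of attempts. The word list, the time window, the doubling rule and the in-memory `$state` array (a real deployment would persist it in a file or database) are all assumptions.

```php
<?php
// Added illustration: keyword filter with escalating per-IP blocks.
// Word list, thresholds and durations are assumptions, not the poster's values.

const BLOCKED_WORDS = ['exampledrug', 'cheap pills'];  // constructed sample terms
const WINDOW = 600;        // seconds in which repeat attempts count as "frequent"
const BASE_BLOCK = 60;     // first block length, in seconds
const MAX_BLOCK = 86400;   // cap on block length

function isSpam(string $body): bool {
    $text = strtolower($body);
    foreach (BLOCKED_WORDS as $word) {
        if (strpos($text, $word) !== false) {
            return true;
        }
    }
    return false;
}

// $state maps IP => ['attempts' => int, 'last' => int, 'until' => int].
// Returns true when the post may be passed on to the BBS script.
function checkPost(array &$state, string $ip, string $body, int $now): bool {
    $rec = $state[$ip] ?? ['attempts' => 0, 'last' => 0, 'until' => 0];
    $blocked = $now < $rec['until'];
    if (!$blocked && !isSpam($body)) {
        return true;                       // clean post from an unblocked address
    }
    // A spam post, or any post during a block, counts as an attempt.
    // Attempts outside the window restart the count; frequent ones escalate.
    $rec['attempts'] = ($now - $rec['last'] <= WINDOW) ? $rec['attempts'] + 1 : 1;
    $rec['last'] = $now;
    // Block length doubles with each attempt inside the window, up to the cap.
    $length = min(MAX_BLOCK, BASE_BLOCK * (2 ** ($rec['attempts'] - 1)));
    $rec['until'] = max($rec['until'], $now + $length);
    $state[$ip] = $rec;
    return false;
}

// Constructed sample traffic (documentation address from RFC 5737).
$state = [];
$t = 1000;
var_dump(checkPost($state, '192.0.2.10', 'Hello everyone', $t));        // clean post
var_dump(checkPost($state, '192.0.2.10', 'CHEAP PILLS here', $t + 5));  // spam post
var_dump(checkPost($state, '192.0.2.10', 'Hello again', $t + 20));      // clean post during the block
var_dump(checkPost($state, '192.0.2.10', 'Hello again', $t + 2000));    // clean post after the block
```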
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
  3. ironiridis

    ironiridis Registered Member

    Joined:
    Sep 11, 2006
    Posts:
    2
    Right. I know that. I was trying to identify malware which is using Tinyproxy for spam. But never mind. Thanks.
     
  4. JinxGenius

    JinxGenius Registered Member

    Joined:
    Sep 23, 2006
    Posts:
    13
    Location:
    Internet
    Maybe you could try to record the running process list once you turn things on?
    See who's bringing it out, then we may have something to speak of.

    For a worse of saying, a trojan can use tinyproxy to make a flag so he can recognize you again for port scanning, I guess? It's not impossible.
     