A server I help maintain is getting slammed with prescription drug advertisements on their public bulliten board system. They're too afraid to move on to a better system with a CAPTCHA or some other spam prevention system, so I built a small set of PHP scripts to intercept the posts before they hit the (now hidden) perl BBS script. The scripts filter based on a set of simple words, and institute "blocks," which vary in length based on number of attempts and frequency. Anyway. I obviously had a lengthy list of IP addresses, and I set up one of my computers to run nmap scans against them, seeing what I would turn up. Lo and behold, one service consistently appears: tinyproxy running on TCP/53775. This leads me to my queston. Is there a common worm or malware which installs tinyproxy on that port? I'd like to use it as leverage when negotiating with ISPs to punch their customers in the head. Any help or insight greatly appreciated. Thanks!