Being Zombified

A server I help maintain is getting slammed with prescription drug advertisements on their public bulliten board system. They're too afraid to move on to a better system with a CAPTCHA or some other spam prevention system, so I built a small set of PHP scripts to intercept the posts before they hit the (now hidden) perl BBS script. The scripts filter based on a set of simple words, and institute "blocks," which vary in length based on number of attempts and frequency.

Anyway. I obviously had a lengthy list of IP addresses, and I set up one of my computers to run nmap scans against them, seeing what I would turn up. Lo and behold, one service consistently appears: tinyproxy running on TCP/53775.

This leads me to my queston. Is there a common worm or malware which installs tinyproxy on that port? I'd like to use it as leverage when negotiating with ISPs to punch their customers in the head.

Any help or insight greatly appreciated. Thanks!

 

I don't think its malware. Tinyproxy's website: http://tinyproxy.sourceforge.net/

 

Right. I know that. I was trying to identify malware which is using Tinyproxy for spam. But nevermind. Thanks.

 

maybe you try to record the process running list once you turn things on?
see who's bring it out, then we may have something to speak of.

For a worse of saying, a trojan can use tinyproxy to make flag so he can reconize you again for a port scanning I guess? It's not impossible.