Question

Found Advanced Mass Sender on client's computer?

By Cudmasters Los

I first need to set this small story up. This building that I am talking about has several floors, 8 or 9. This office that I am talking about has its own network. This building has its own IT team, 24 hrs, and has a cleaning staff...

Over the weekend I decided to do some work on my PC at that location from home via RDP. It's after hours, so the office is locked. I RDP into the computer and I get the popup that so and so is currently logged in to the computer, and that if I log in they will be disconnected. I log in to my account and start setting up a program that I want to test, pcAnywhere. All of a sudden I get kicked off. I know immediately that something isn't right, so I try to connect back, and I get the pop-up that said that I was refused permission to log in. What the "@#$%&!"

I also have a LogMeIn account, so I go to LogMeIn, logged into my admin account (not the account that was running), went to user profiles and changed the password. Right after, I lost connection. They shut down the computer.


This morning, I had the staff turn the computer on and logged into the computer. It had 2 .txt files on the desktop and one in the documents folder. 2 of the text files were tons of e-mail addresses, and the other was a story about someone who had died and left 10 million dollars, a "call me and we can split it" type of deal, much more professionally written. I looked at the history and found they had visited sweetylife.com/smtper and dnsstuff, and had AMS4.3 (Advanced Mass Sender) installed. I tracked down the domain where the return emails would be sent to; it was in Saudi Arabia.


Questions:

- What should I do?
- Does this sound like an inside job?
- How did they get the password to the computer?
- Could they have telnetted into the computer?
- How did they shut the computer down? Can they do that through telnet?


All Answers


Answers to your questions...

by SmartAceW0LF In reply to Found Advanced Mass Sende ...

> What should I do

Inform the administrator of the network or other appropriate persons of the situation.

> Does this sound like an inside job

Could be, but it doesn't sound likely.

> How did they get the password to the computer

This is anyone's guess, but I would start with so and so.

> Could they have telnetted into the computer

Yes, they could if the telnet service is enabled and the proper ports freed up in the firewall, along with the proper credentials having been somehow established.

> How did they shut the computer down, can they do that through telnet?

Yes indeed they can, as it is a simple command line function.


Telnet

by Cudmasters Los In reply to Found Advanced Mass Sende ...

I forgot that I had the management access configured for telnet and SSH; only one computer has access to the router that way.

Inside job: the password is the same password that the IT dept had access to at another computer. However, I would like to know your thoughts on why you don't think it was an inside job. This will help me in my investigation!!!
