Cybersecurity

Hello,

Three of our machines at work were sending out SPAM on the internet. 2 of them were so old I knew that the hackers just exploited the vulnerabilities in the old systems. The cause of concern is that one one of the machines is a new Centos 5.3 box.The only proof we have is that 4-6 emails were send by root on this system whereas the other two had 30,000 emails sent.

We are running sendmail-8.13.8-2.el5 on the Centos 5.3 box. It is configured to listen just locally so that it is secure. Do you think root was compromised on this CENTOS 5.3 box?

Turning a machine into a spamzombie is usually a combination of exploiting vulnerabilities on the target machine and a dictionary attack on one of the users. The attack may also include the installation of its own little mail server. In other words, a large part of such an attack is script driven and if this happened to you, you may be able to find something in the logs just prior to when the first email was sent. Note that once an attacker is inside the DMZ, it matters little whether the other nodes are up to date with the latest software or not.

Were the "other two" systems unix systems or M$ ?

Is your LAN connected to the Internet without a firewall and without an email proxy server?

They were behind a firewall and they were old UNIX machines though. No proxy server being used. I think we should use one...