From: Ellen K. 

I just forwarded your experience to the systems guys, thanks.

We are also infested with or being targeted by something that sends email
pretending to be from admin{at}OurCompanyName.com to get people to open it.



On Sun, 21 Aug 2005 23:26:15 -0400, "Geo" 
wrote in message :

>You might want to tell serverguy about something I saw.
>
>One of our downstream ISP's got hit by a worm on a DNS server (the PnP
>exploit thing) an they thought they cleaned it but the next night it started
>spamming. About that same time their second dns server probed one of my
>machines on ports 139, 445, and (I forget now) either 6101 or 7101 which I
>thought a bit strange. So I checked it out and it turned out to be the
>backup exec agent port.
>
>When I told them about it they checked both machines and found both to have
>been rooted and both were fully patched except for the backup agent.
>
>So, either there is a worm that's hitting the backup exec exploit or the
>spammers are actively compromising machines using a backup agent exploit.
>Either way it's now patch or die, times up.
>
>Geo.
>
>"Ellen K."  wrote in message
>news:j73ig11stv4kcpkjvaq5sp0jq3avbvt8c8{at}4ax.com...
>> I sent this to our systems guys when I got it also, no idea whether they
>> pay attention when I forward stuff, but...
>>
>> Meanwhile today when I tried to use our webmail, IE kept trying to go to
>> an address in the 10.xxx.xxx.xxx range (the one it tried to go to is in
>> fact the internal address of our mailserver) so of course I kept getting
>> "the page cannot be displayed"...   After investigating, ServerGuy
>> reported that the Veritas agent had hung a file on the mailserver while
>> trying to back it up and that this supposedly caused the problem.
>>
>> 
>>
>

--- BBBS/NT v4.01 Flag-5