Advanced Mass Sender On Client’s Computer


  • Kobe 310
    Member
    #155863

    I first need to set this small story up. This building that I am talking about has several floors, 8 or 9. This office that I am talking about has its own network. This building has its own IT team, 24 hrs, and has a cleaning staff...

    Over the weekend I decided to do some work on my PC at that location from home via RDP. It's after hours, so the office is locked. I RDP into the computer and I get the popup that so-and-so is currently logged in to the computer, and if I log in they will be disconnected. I log in to my account and start setting up a program that I want to test, pcAnywhere. All of a sudden I get kicked off. I know immediately that something isn't right, so I try to connect back, and I get the popup that said that I was refused permission to log in. What the “@#$%&!”
    I also have a LogMeIn account, so I go to LogMeIn, logged into my admin account, not the account that was running, went to user profiles and changed the password. Right after, I lost connection. They shut down the computer.

    This morning, I had the staff turn the computer on and logged into the computer. It had 2 .txt files on the desktop and one in the documents folder. 2 of the text files were tons of e-mail addresses, and the other was a story about someone who had died and left 10 million dollars, a "call me and we can split it" type of deal, much more professionally written. I looked at the history and found they had visited sweetylife.com/smtper and dnsstuff, and had AMS4.3 (Advanced Mass Sender) installed. I tracked down the domain where the return emails would be sent to; it was in Saudi Arabia.

    Questions:

    What should I do?
    Does this sound like an inside job?
    How did they get the password to the computer?
    Could they have telneted into the computer?
    How did they shut the computer down? Can they do that through telnet?
