Spamhaus Blacklisting due to Win32/Zbot - need help identifying infected machine.
Posted on 2012-08-15
The network has a standard Netgear DG834 router in place and operating systems are a mixture of Server 2003, Windows XP and Windows 7.
Got the Spamhaus message today that outgoing mail was blocked because the IP address is in the CBL. Usually I take a shotgun approach and lock down / scan all the nodes on the network. However, according to the Spamhaus explanation of the threat, this will probably not work with this particular virus, as it has a very poor detection rate with current AV software.
It suggests that I "search for TCP/IP connections going to IP address 220.127.116.11 or (less often) 18.104.22.168, usually destination port 80 or 443, but you should look for all ports." How do I go about doing this?
Many thanks in advance
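
An added example, not part of the original post: one way to carry out the search quoted above is to save `netstat -ano` output from each machine and check the foreign-address column for the two addresses on any port. The host names and the sample output below are constructed.

```python
import ipaddress

# Addresses quoted in the post; every destination port is checked.
TARGETS = {ipaddress.ip_address(a) for a in ("220.127.116.11", "18.104.22.168")}

# Constructed sample: `netstat -ano` output saved from two hypothetical hosts.
SAMPLE = {
    "PC-RECEPTION": """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.0.12:49211     220.127.116.11:80      SYN_SENT        1844
  UDP    0.0.0.0:500            *:*                                    372
""",
    "PC-ACCOUNTS": """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.15:50122     192.168.0.2:25         ESTABLISHED     2210
  TCP    [::]:445               [::]:0                 LISTENING       4
""",
}


def remote_ip(endpoint):
    # 'addr:port' or '[v6addr%zone]:port' -> ip object, or None for '*:*'
    addr = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def find_hits(host, netstat_text, targets=TARGETS):
    """Return (host, local, remote, state, pid) for rows whose remote IP is a target."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or banner text
        if remote_ip(fields[2]) in targets:
            state = fields[3] if len(fields) == 5 else ""  # UDP rows have no state
            hits.append((host, fields[1], fields[2], state, fields[-1]))
    return hits


def scan(captures=SAMPLE):
    return [hit for host, text in captures.items() for hit in find_hits(host, text)]


if __name__ == "__main__":
    for host, local, remote, state, pid in scan():
        print(f"{host}: {local} -> {remote} {state} PID {pid}")
```

A single `netstat` snapshot only shows connections open at that moment, so repeat the capture (`netstat -ano 5` re-runs every five seconds). A flagged PID can be mapped to its process on that machine with `tasklist /FI "PID eq <pid>"`.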