{"id":83,"date":"2006-09-02T19:12:34","date_gmt":"2006-09-03T03:12:34","guid":{"rendered":"http:\/\/wp.colliertech.org\/cj\/?p=83"},"modified":"2006-09-02T19:32:49","modified_gmt":"2006-09-03T03:32:49","slug":"bugzilla-compromized","status":"publish","type":"post","link":"https:\/\/wp.c9h.org\/cj\/?p=83","title":{"rendered":"bugzilla compromised"},"content":{"rendered":"<p>Yow.<\/p>\n<p>Go spamhater.zoomshare.com<\/p>\n<p>\nI&#8217;ve posted a bzip2&#8217;d ext3 image of the compromised (etch) OS here:<br \/>\n<a href=\"http:\/\/wp.colliertech.org\/~cjcollier\/bugzilla.img.bz2\">bugzilla.img.bz2<\/a>\n<\/p>\n<p>\nList of packages installed on the machine here:<br \/>\n<a href=\"http:\/\/wp.colliertech.org\/~cjcollier\/bugzilla-packageList.txt\">bugzilla-packageList<\/a>\n<\/p>\n<p>I&#8217;ll be pointing the authorities to it and providing any other logs required to track down the responsible party.<\/p>\n<pre>\r\nDear Carl\r\n\r\nPlease read this message carefully.\r\n\r\nYou are receiving this email because you are responsible for IP\r\naddress 66.152.65.7\r\nhttps:\/\/bugzilla.colliertech.org\/cgi-bin\/bugzilla\/index.cgi\r\n\r\nThe machine at this address has been hijacked, and an extra process\r\ncalled \"tswapd\" has been installed.\r\nThis process is running many web sites as shown by these URLs:\r\n\r\nhttp:\/\/66.152.65.7:8080\/p\/images\/weship.gif\r\nhttp:\/\/66.152.65.7:8080\/legalrx\/images\/logo.gif\r\nhttp:\/\/66.152.65.7:8080\/usd\/images\/logo.gif\r\nhttp:\/\/66.152.65.7:8080\/rolex\/images\/logo.gif\r\nhttp:\/\/66.152.65.7:8080\/caviar\/images\/main_logo.gif\r\n\r\nAction required\r\n\r\n1. locate the machine at this IP address\r\n2. change the root and any administrator passwords to make them more secure\r\n3. 
shutdown the machine, and restart\r\n\r\nAlternatively, you can issue the commands to display the process id and kill it:\r\n\r\nps wax | grep \"tswapd\"\r\nkill &lt;pid&gt;\r\n [where &lt;pid&gt; is the process-id displayed by the ps command]\r\n\r\nIf you are not the administrator, please forward this information to\r\nthe administrator.\r\n\r\nTo help you locate the hijacked machine, use this link\r\nhttp:\/\/www.dnsstuff.com\/tools\/tracert.ch?ip=66.152.65.7\r\n\r\n\r\nThank you from the Pharmacy Alert Security Team\r\nFor more information view\r\nhttp:\/\/pharmalert.zoomshare.com\/   and   http:\/\/spamhater.zoomshare.com\/2.shtml\r\n\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Yow. Go spamhater.zoomshare.com I&#8217;ve posted a bzip2&#8217;d ext3 image of the compromised (etch) OS here: bugzilla.img.bz2 List of packages installed on the machine here: bugzilla-packageList I&#8217;ll be pointing the authorities to it and providing any other logs required to track down the responsible party. Dear Carl Please read this message carefully. 
You are receiving this [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-83","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1YDIB-1l","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts\/83","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83"}],"version-history":[{"count":0,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=\/wp\/v2\/posts\/83\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.c9h.org\/cj\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=83"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}