Hacked

After being in Chicago visiting family for a few days, I got up this morning planning to get onto the Computrainer and do some long interval work on the TT bike and catch up on the Tour of Germany coverage.

My CT runs off of a box that I also use for my server. So I log in and immediately notice a few files on my desktop. They're text files which I opened to discover they contained thousands of email addresses. Thirty-five megs of them, and a bunch of other crap on the desktop. I'm totally puzzled by this, but shortly things start to make sense. My router has been on the fritz for the last week or so. It kept crapping out on me. I run a virus and spyware scan - nothing comes up. I look at the other crap on the desktop and what processes are running. Besides the indexer process (which is rather busy...I didn't even really want it on), nothing looks bad. I do notice that there's another TS session running disconnected. I connect to it and it's running a program called DarkMail - which I discover is a remote mailer that sends spam and it's certainly busy. So I killed it, cleaned up all the crap, changed all the passwords, and closed all the ports on my firewall. I'll deal with the rest later. It could have been worse - from what I could tell, nothing particularly malicious was done.

So what happened? Well, I'll just admit I was a little careless. I have remote desktop and FTP open on the firewall (turns out FTP was being hammered by bad requests as well...sigh...) so I can access the machine remotely. In and of itself, this isn't too bad, but in conjunction with that, my passwords on the machine weren't strong enough and somehow they managed to crack them. Stupid stupid stupid. Don't let it happen to you!

posted @ Monday, August 07, 2006 12:00 PM