Improve company productivity with a Business Account.Sign Up

x
?
Solved

Spam or system attack - strange email

Posted on 2004-04-12
11
Medium Priority
?
299 Views
Last Modified: 2010-04-11
Hi!

I got a strange email today. Within this email is a link to a site I own, but as far as I can see, the link goes to a url on my server that does not exist.
I don't want to share too much information about this issue right here now. Would somebody assist me with this problem privatly? I already talked to my server admins about this, but I'd like to have a 2nd opinion.

I don't know if it's common to keep things private here, but I'm very concerned and don't want to share info to too many ppl (atm).

Greetings,

su-n
0
Comment
Question by:su-n
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10806721
Hey have you checked the IP address from where the email has come looking at the header of the email ..

May be a spam but looking at that email, your system admin would be a better to position to  know where it has come from and what it is..

Check for virus and spyware in your system since you had checked that email and possible spyware got downloaded by that link ..
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10806832
0
 
LVL 1

Author Comment

by:su-n
ID: 10806886
The mail is Virus/Spyware free. What I'm beeing concerned about is that my url is in this email and I don't want others to get such a email with my server beeing abused.
Thanks for the links.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
LVL 49

Expert Comment

by:sunray_2003
ID: 10806894
Have you not figured out yet who has sent you that email ?

Only somone who knows about this url would have sent it .. or it might be some worm spamming all inboxes with the email and your link. Make sure there is anti-spam software installed ... Talk with your system admin
0
 
LVL 1

Author Comment

by:su-n
ID: 10806924
as your writing about "inbox" ... the url is:
www.URL.de/inbox/EMAIL.NAME/read.php?sessionid-28973 
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 600 total points
ID: 10806937
Are you using microsoft exchange or outlook web access ? I donot think anyone can check your inbox until they have logged into it with username and password of yours
0
 
LVL 1

Author Comment

by:su-n
ID: 10806967
My server is a Redhat server, at home I use Outlook 2003. But I have a Web-based Email disabled for all domains on the server.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 10807572
> Would somebody assist me with this problem privatly?

not permitted

> I don't want to share too much information about this issue right here now.

wise

> if it's common to keep things private here

This is (necessarily) public

> the link goes to a url on my server that does not exist.

Possible programming bug or red herring (often for spam, but if not, you'f best check, and recheck your internal security, especially if you've got ftp inbound.  It could be guesswork, but you've not indicated that.

>  I don't want others to get such a email with my server beeing abused.

Publication of EM addy is like solicitation of spam through harvester.
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 200 total points
ID: 10807591
> I already talked to my server admins about this, but I'd like to have a 2nd opinion.

Of course, you could give us a little something on their opinion to give us a better idea about what's going on there.
0
 
LVL 5

Accepted Solution

by:
Luniz2k1 earned 1200 total points
ID: 10807958
This is the work of the W32.Netsky.P@mm worm.  It sends out e-mails with contents such as:

If the message will not displayed automatically,
follow the link to read the delivered message.

Received message is available at:
www.yourdomainnamehere.com/inbox/someuser/read.php?sessionid-5935

The e-mail message has an attachment on it that contains the worm also.  I have received many e-mails from this worm and Norton A/V has cleaned it every time.  I work at a plant that has 800+ employees and 350+ client PC's and many of them have called asking about these e-mails.  As long as your A/V is up to date, you have nothing to worry about.
0
 
LVL 1

Author Comment

by:su-n
ID: 10809059
Yes, that's exactly what the msg looks like! Thanks.

How is this message with "yourdomainnamehere.com" and "/someuser" generated? Does that mean, I am infected? I don't think so, coz my nav is updated regularly as well as I scan my drives regularly, too.
Or does it mean, s.o. who has my info on his computer is affected? Or does this worm crawls websites and catches email addys?

>SunBow: no guesswork, definately.

Thanks a lot for all your help!
0

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question