[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

Bogus virus emails

Can someone explain to me why some of here in this company are receiving emails from people we don't know stating that when we sent them an email it contained a virus?

#1, we have no viruses.

#2, Nobody knows any of these people or email addresses.

Here some examples of one of the emails a lady here at the company just received.

-----Original Message-----
From: Nick [mailto:nick@anyoldplace.COM]
Sent: Friday, November 12, 2004 2:01 AM
To: eserver@thecatinthehat.com
Cc: Administrator@deputydog.org; tgm_ma@deputydog.org
Subject: RE: On Site Training

 

Ok, so if this is how everyone is responding…. Then so be it. If you want the best price on electrical test equipment, IT test equipment, or telephone test equipment. Give me a call directly. I will make sure you get the best pricing. See our web link below for ideas on what we sell I can help you with!

--------------------------------------------------------------------------------

From: owner-tgm_ma@deputydog.org [mailto:owner-tgm_ma@deputydog.org] On Behalf Of Yo Ma Ma
Sent: Thursday, November 11, 2004 2:27 PM
To: marketing@hortonhearsawho.com
Cc: Administrator@deputydog.org; tgm_ma@deputydog.org
Subject: On Site Training

I'm sure you've received lots of trash emails from Dick. So as Paul shared his areas of expertise, allow me to share mine.

(pissiness from author removed)

http://someone-who-is-a-true-believer.home.mindspring.com 



-----Original Message-----
From: Administrator@deputydog.com
[mailto:Administrator@deputydog.com]
Sent: Thursday, November 11, 2004 8:00 PM
To: tgm_ma@deputydog.org
Subject: [MailServer Notification]To Recipient file blocking settings matched and action taken.

ScanMail for Microsoft Exchange has blocked an attachment.

Sender = owner-tgm_ma@deputydog.org
Recipient(s) = tgm_ma@deputydog.org
Subject = Contact list
Scanning time = 11/11/2004 8:00:25 PM

Action on file blocking:
The attachment contact_list5.pif matches the file blocking settings.
ScanMail has Quarantined it.  The attachment was quarantined to C:\Program Files\Trend\Smex\Alert\contact_list541940b292014.pif_.

MyOutlookOnline.com, your MS Exchange Hosting provider, has blocked this attachment for your safety. Executable attachments such as this are often used to transmit viruses.

If you are sure that this attachment is safe, please ask the Sender to rename the attachment (e.g.: change "name.exe" to "name.exe.rename") and resend it.

ACTION: contact_list5.pif/Quarantined
RECIPIENT: tgm_ma@deputydog.org
SENDER: owner-tgm_ma@deputydog.org
SUBJECT: Contact list
TIME: 8:00:25 PM

For more information, go to: http://www.Somewebsite.com

-----Original Message-----
From: JoeMore [mailto:j.more@scoobydo.com]
Sent: Thursday, November 11, 2004 8:10 PM
To: Administrator@deputydog.org; tgm_ma@deputydog.org
Subject: RE: [MailServer Notification]To Recipient virus found and action taken.

Get me off of your list!!!!!

ScoobyDoo, Inc.

j.more@scoobydo.com


-----Original Message-----
From: owner-tgm_ma@deputydog.org [mailto:owner-tgm_ma@deputydog.org] On Behalf Of Administrator@deputydog.org
Sent: Thursday, November 11, 2004 5:05 PM
To: tgm_ma@deputydog.org
Subject: [MailServer Notification]To Recipient virus found and action taken.

ScanMail for Microsoft Exchange has detected virus-infected attachment(s).

Sender = username@xxxxx.com
Recipient(s) = tgm_ma@deputydog.org
Subject = Contact list
Scanning time = 11/11/2004 5:05:25 PM
Engine/Pattern = 7.000-1004/2.244.00

Action on virus found:
The attachment contact_list5.pif contains WORM_NETSKY.S virus. ScanMail has Deleted it.

Warning to recipient. ScanMail has detected a virus.



Any ideas?  The email address of deputydog is someone that has our name, because we do work for him.  Does he have something wrong on his end possibly?  I'm quite sure it is not on our end, but regardless, I must do something to stop this so our company name isn't associated with garbage like this.  Thanks
0
caminator
Asked:
caminator
2 Solutions
 
luv2smileCommented:
Viruses typically spoof e-mail addresses. So you can never rely on the name in the sender field has the person or person's computer that sent you a virus. Therefore you can and will recieve e-mails containing viruses from people you don't know...and sometimes that you do know, but who did not send you the virus.

While your e-mails you posted are very confusing since it seems you have people responding to virus e-mails thinking the person really sent them the virus.

When a comptuer is infected with a virus, the virus typically scans the computer for e-mail addresses and uses these to spoof the sender and from fields. So this dgriffin person could have had his e-mail address on someone's comptuer who knows where that had a virus...that virus spoofed the e-mail of dgriffin to look like it came from dgriffin...and somehow along the way the virus also picked up your e-mail addresss. It is just a huge mixing bowl and at any given time anyone's e-mail address could be listed as the sender or reciever of a virus infected e-mail...and there is really nothing you can do besides protect your systems from the virus itself.

0
 
caminatorAuthor Commented:
Geez...what a pain in the butt.  I have one lady that has gotten about 15 emails in the last 2 hours all regarding virus alerts, from different people, but all of them have some relation to this dgriffin person.

Thanks for the infomation.
0
 
mrrickyjonesCommented:
Unfortunatley because of the spoofing ability, blacklisting addresses and senders will not solve your problem.  The only way to help in this situation is to get some kind of email filtering software.  GFI's mailessentials looks at all incoming messages and scans for viruses and spam content.  There are several products out there that do this.  All of them have a decent price associated with them, but this would be the only simple way to help with your issue.  

Something a little more complicated would be to examing logs on your firewall and determine the IP addresses of the servers that are sending you these messages.  Odds are they are in some 3rd world country that you would never want to receive messages from anyway.  If that was the case you could block those ips from accessing your mail server and maybe cut down the junk that way.

Spam/Virus messages are a plague.  The only thing you can hope for is to get good filtering software and NEVER post your email address on any webpages or submit it to any companies for them to sell
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
KeTruenoCommented:
Just a thought, but you might not want to post those email addresses for the question.  Those are available free to the web (question that is) and you never know where the loathesome spammers might hide out... I'm sure you don't want any more junk mail flowing to you.
0
 
caminatorAuthor Commented:
Nothing I posted had any or our email addresses in it.  Thanks for the heads up however.  We have another company host our email and website.  They have Spamassasin, which picks up most spam, but apparently there is still plenty getting through.

We do not do our own email hosting here, so email filtering wouldn't for us.  Unless I am mistaken...?
0
 
rindiCommented:
A new antispammer method is for the mail server not to accept any mail originating from an unknown user, but to remember that address. If it came from a spammer, he'd try the next time using another sender address, but if the mail came from someone trustworthy, he'll (or his mailserver) will send the message again. If this happens, the server will now now the address and route the message into an folder of the user named "unknown address", or something similar. The User can now decide if this mail is to be trusted or not. If it is he'll enter the address to his trusted addresses, and the next time a message arrives from this client, it will go directly to his normal folder.
0
 
caminatorAuthor Commented:
Rindi:  That sounds interesting.  How would I go about setting that up?  Is it a special program that needs to be running on the mail server, or is it an Outlook setting or something?  Thanks
0
 
huntersvcsCommented:
I think luv2smile had the right idea regarding WHY.  The solution will be a lot tougher.  You should probably send an ALERT message to all adressees in your databank explaining the local problem, ask them to scan their systems for viruses, and then pass the alert on to the addresses in their address books (but try to limit the forwarding to ONE generation, otherwise you've just created your own mass-mailer!).

I myself came to work on a Monday and had over 100 mails that weren't delivered - and I didn't even send them.  Fortunately I could find out what provider had sent them forward and called them.  They (a provider!) admitted that a notebook in their firm had been spamming overnight!  You might want to check that the emails complaining are actually coming from people COMPLAINING and not just a fake SPAM message that is being sent out.

The last company I worked for had this problem for over 90 days and decided to change email addresses for everyone.  It cost a lot, but the problem was solved.
0
 
rindiCommented:
I've heard of people implementing this, which seems to have reduced spam by 90% (Sorry, the spam isn't actually reduced, it just doesn't reach the users). The problem is I don't know which products I'd need to get hold of, to install it, I'm still researching.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now