A Blank message? How?

OK, we have a situation where I work. Our HR person received an inappropriate picture from someone over here in Iraq. The person in question has his company laptop in his room. I checked his last sent message last night and the last one sent was at 9:43pm. Now looking at his delete folder there is a blank message in there, at least two. The strange thing is that the HR person sees the time stamp at 12:20am and that was the time stamp on this blank message.

I asked the person and he says he saw this message in his inbox this morning, saw it was blank and deleted it. OK, he had asked me to look at his Outlook this AM before all the stink. This AM he says he can't see the From line on the view screen when Outlook first comes up, but I figured that problem out; first time I have really seen it. Somehow in the reading pane the From option was at the far right; dragging it back to the left brought it back into view.

My question: has anyone ever seen a completely blank message with just a time stamp? Is it possible for someone to send him an email that could possibly resend a message without recording it?

This man is 60 years old and would not have ever sent a picture like that, and also he is not very computer literate. Also note he had to fire an IT tech from over here about 2 months ago and this guy was a programmer.

Thanks
DK

daniels48Asked:
 
Shaun84Commented:
It is possible to send emails that have nothing in To and From. I have seen it before; how it is done I am not sure. The ones I have seen tend to be blank but have a coloured background (yellow, red etc...), no text at all.
The person whose machine it was sent from may have some virus infection or some security hole that allowed someone in.
I would first check for a virus infection and then check if any firewalls or anything has been disabled.

If you have an Exchange server that runs the mail it may be worth checking this as well.
0
 
ECNSSMTCommented:
Addressing the conspiracy theory first; let's not jump to conclusions point fingers (although the scenario is a possibility) and completely miss the boat that at worst there may possibly be a security breach here.  At best it's an incident of unusual SPAMming.

Just in case it's a virus or trojan, scan the laptop with any AV product.  See if the user has any attachments with code embedded into it.

Have the user change his password, just in case someone knows his password; and the password should be changed to something that can't be discovered with a dictionary attack.

If you think that this programmer knows any passwords that can gain him entry to your system as an admin or even normal user, change it.  As a matter of fact, if you didn't implement a password expiration scheme for the company, this may be a good opportunity to do it.

Can't think of anything else off the top of my head, but the general idea is you want to outline your threat scenario and take steps to stop any further incursions...  It is going to be backtracking the breach....

Regards,
0
 
war1Commented:
Greetings, daniels48 !

This sounds like the programmer fired has put a trojan virus or rootkit in the computer.  You can reinstall the operating system or try to look for the trojan.  Check for virus and adware.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

Spy Sweeper
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
 
ECNSSMTCommented:
Sheesh, gotta read before I press Submit...

I meant

addressing the conspiracy theory first; let's not jump to conclusions by pointing fingers... ugh...
0
 
war1Commented:
daniels48,

Check for Rootkit
Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
or
F-Secure Blacklight
http://www.f-secure.com/blacklight/try.shtml
0
 
Shaun84Commented:
It could be spam (I thought that as well) but reading the post:
There was a sent message from someone's machine at the same time someone else received it. This opens the possibility that on the person's PC that sent the email there could be a viral infection or security hole.
I would remove the machine from the network (in case there is a virus and it spreads through the network) and run a full virus scan.
0
 
war1Commented:
daniels48, any update?
0
 
daniels48Author Commented:
Well, we just found that although the message wasn't sent by the user's machine, I logged onto his account and there was the sent message in question, and there were about 50 sent messages, so it looks like someone had his email password. So I changed it, and I am still looking for another blank message to try and expand the headers. I ran the rootkit and found nothing. I had found another blank message on the web access and opened it, and all kinds of activity was happening on the lower left of my screen. I went to my email just to compare and I see nothing happening below when opening an email online. The user deleted it before I could grab it and expand the headers. Sheesh! Thanks everyone for your help... I ran about four anti-virus programs and see nothing; also HijackThis didn't show anything that I could tell. Like I said, I finally got the user to leave his mail alone so I can still see if I can capture one of the blank messages before I give him a new email address.


DK
0
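As an added example (not part of any post in this thread): what "expanding the headers" on a captured blank message can yield, assuming the message is saved in raw form. It reads the `Received` chain from origin to destination, checks whether the visible body is empty, and lists remote URLs an HTML part would fetch when opened. The sample message, hostnames, documentation-range IPs and the function name `triage` are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Constructed sample: no From/To/Subject, coloured background, no visible text.
SAMPLE = b"""\
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.example.com with ESMTP; Tue, 14 Mar 2006 00:20:05 +0300
Received: from laptop (unknown [203.0.113.45])
\tby mail.example.org with ESMTPA; Tue, 14 Mar 2006 00:20:01 +0300
Date: Tue, 14 Mar 2006 00:20:00 +0300
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body bgcolor="yellow"><img src="http://tracker.example.net/p.gif"></body></html>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"""(?:src|href|background)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its own Received header, so reverse to read origin -> destination.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())          # unfold continuation lines
        ip = IP_RE.search(text)
        hops.append({"ip": ip.group(1) if ip else None,
                     "stamp": text.rsplit(";", 1)[-1].strip()})
    visible, remote = "", []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            remote += URL_RE.findall(body)           # content fetched on open
            body = TAG_RE.sub("", body)              # keep only rendered text
        visible += body
    return {
        "missing_headers": [h for h in ("From", "To", "Subject") if msg[h] is None],
        "hops": hops,
        "blank_body": not visible.strip(),
        "remote_urls": remote,
    }

if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(key, "=", val)
```

Only the hops added by servers you control are trustworthy; earlier `Received` lines can be forged by the sender, so the first hop's IP should be matched against the mail server's own logon and submission logs.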
 
daniels48Author Commented:
Closing this trouble; haven't seen any more blank messages and the home office has all the information. Hope they try and pursue it, although I'm not sure if they can find an IP that it was logged into when whoever it was did this.


Thanks for everyone's help
DK
0
Question has a verified solution.
