Solved

Client receiving bulk email to his company email address. The emails say that they originated from some else in the company who does not exist.

Posted on 2006-11-15
4
144 Views
Last Modified: 2013-12-04
I have a client who is receiving bulk email bounces "mailer-daemon" or "undeliverable" etc Today he received 4000+ His is the only one within the company that is receiving these emails. The emails state that they were sent from (for example) jeof@bg.com.au which does not exist or is no such employee. All the emails are going to different companies around the world and all come back to his email acount (for example) andrew@bg.com.au. Steps taken so far:

1. Aggressive virus scanning completed - no virues etc found
2. Aggressive spyware scan - none found
3. Reformated workstation - problem still there.

Any advise would be appreciated on what is happening and what can be done. Client is very unhappy and I need some answers to explain the issue in more detail so that they understand, and if the there is a possible solution. I have tried everything I know to resolve this issue, but I now need help. Client is now suggesting going to someone else for help if I can not resolve this.

Kind Regards

TheCat41
0
Comment
Question by:TheCat41
  • 2
4 Comments
 
LVL 24

Accepted Solution

by:
SunBow earned 400 total points
ID: 17948392
Get a new address.

Resolved.

Somebody collected addresses at his company, so it is also best to scan everybody else, reformat if needed. But all, and I mean it, ALL MS patches and upgrades are critical prior to plugging in to any network.  You get the infection before the patch for it.

From your description, your client is a designated  drop box for someone either validating a maillist or for a later process of dumping spam rejections. Either way, it will take time for that to cycle through the networking world, nothing you can do about that, having no source.

Step one can be to just have the administrator shut it down as spam, to get inbox cleaned. Alternative can be return to sender, that is up to their admin (you?)

If he changes his name slightly and tells friends, then that should be able to have same effect. For example

Change                       To
John Doe                     John P Doe
Jane Doe                      DoeJane
jeof                              Jeff

At this stage, there is no need for major cloaking of persons name. If it hit everyone in company, sometimes it is best to just bite bullet and get a new IP address and Domain
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17949483
You can also help them with confidence by grabbing some quickie personal firewall like ZoneAlarm from ZoneLabs. Benefit is that it filters it both directions. Install it wand permit nothing to leave the PC initially. One at a time add a few that want to get out, ensuring that the program ask your permission. You probably want some DNS and web access.

What you are looking for here is an attempt to use the machine to send mail, which is what the worry is about with all those strange replies. Just to be sure, and my guess is that there will be nothing to be found. If there was then someone is borrowing the HD to make a mailing list. Possible still, if no upgrades installed.

When rebuilding the machine, you have to use the install cd's, erase the partition, and before getting on the network get ZoneAlarm installed to block. All remote access should be denied. User should not login with admin authority over the file system. Then they can get back to their mail and web access.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101044
Forced accept.

Computer101
EE Admin
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Russian pop up ad virus 8 115
Low-cost /freeware IOC tools 4 55
Design of sending events/logs to SIEM/Arcsight 2 111
Using icacls to block access to mstsc, cmd & PowerShell 4 117
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now