Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 326
  • Last Modified:

High Spam Volume From Trusted Users

Outlook is receiving huge volumes of messages that are shown to be from people I normally accept email from.  The messages that are arriving have old dates on them - all have 2007 dates.

Outlook is being used to download email from an AT&T account.  When I log into the email account using webmail I do not find this large volume of spam.

What could be causing this kind spamming?  
0
crm-serv
Asked:
crm-serv
  • 5
  • 4
  • 4
  • +1
2 Solutions
 
warrenbucklesCommented:
Have you looked at the content of any of the messages to be sure they are spam?

It's possible they aren't spam at all, but messages that were left on the server by your previous mail settings - if Outlook (or another mail application) was set to only download headers but not the body of messages AND the messages were not later deleted, they could have been left on the server.  If you changed how Outlook handles messages so that it now downloads the whole message you could be getting many legitimate, although old, messages.

Your Webmail application may be set to only show unread messages, so the old messages don't show up in your view.  Look at all the folders available on the webmail views - there may be a folder with a large number of messages in it.

wb
0
 
ormerodrutterCommented:
Unless you told Outlook to leave a copy of the email on server otherwise once Outlook downloaded the message it is removed from your mail server. This explains why you didn't see them when you log into your webmail because they are now in your Outlook and have been removed from server.

Check the header of the message. The FROM address may have been spoofed (i.e. it shows the message is originated from personA but actually from someone else - typical virus infection on the offending computer).
0
 
crm-servAuthor Commented:
If the messages are coming from an infected external source what can be done to block them?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Press2EscCommented:
check the mail header and determine the real SENDER/ORIGNATORs IP address. Block the IP, research (*) the IP & (if applicable) report the offenders IP.

P2E

(*) http://www.mxtoolbox.com/blacklists.aspx?IP=x.x.x.x
0
 
warrenbucklesCommented:
I'm still not sure you are seeing spam/malware.  

This is similar to a situation I had a few years ago:  For about a year - Outlook was set up to leave messages on the server and only remove messages I explicitly deleted.  Everything worked just fine - then I noticed I had set the 'leave messages on server' flag.  I unchecked it and got a flood of 'old' e-mail. (hundreds of messages - it took quite a while to download them all).  This sounds like the situation you are describing.  However, my AV software didn't flag the messages as spam.

Are these messages being flagged as infected by your AV software?

If so, what is the payload's identity?

P2E's suggestion is a good one - unfortunately most spam originates from botnets and has a wide range of originating IP addresses - assuming the originating IP address isn't spoofed.

I'm really puzzled by the dates on your messages - spam/malware from 2007 seems a bit outdated and I'm not sure what the motivation of a spammer would be to use dates like this - it should be easy to block using a date-sensitive filter - reject all messages with 'sent' dates older than, say, three days ago.

wb
0
 
crm-servAuthor Commented:
Thank you both for the input.  I hope by end of this week to be able to test the procedures and ideas you both have proposed.  I will post findings here.
0
 
crm-servAuthor Commented:
I found that Outlook was set to save messages on the server.  IPs for the old messages being downloaded seem to be valid but vary.

Also I am now seeing that the PC freezes when accessing the same email account by webmail.

I have recommended to the owner that we restore using the factory image for his system.  

Any concern with that approach with what I have been able to supply as symptoms.
0
 
Press2EscCommented:
Of course, if you do not back up the users data, when you restore you will lose it... The PC freezing and webmail/Outlook issues are likely not directly related.  

You can check the (PC) Task Manager to assess the system resources and running processes, have would also update/run their antispyware pgm, check msconfig for unneccesary or questionable startup files, etc...

P2E
0
 
warrenbucklesCommented:
Rolling back to the original configuration is a pretty drastic solution.  As P2E says, it will wipe out all user settings, data and software installed after the system was received.  In some cases it is the only solution - when a system is corrupted by failing hardware or severe malware infection (root kits, for example, although a reinstall may not remove some particularly nasty root kits).

I agree with P2E: the system sounds like it is running under a very heavy load.  You might want to wait on the reload until you have a better idea of the cause of the problem - if the system is just overloaded reloading the OS will not fix the problem.

I don't know how your system is setup - could you let us know what you have (Make/XP or Vista/CPU/RAM/HDD)?

Start Task Manager after the system is booted but not running anything besides the normal startup programs.  Look at the 'Performance' tab - see how much CPU load you have and what the memory usage is.  The TM graphic displays are a little  different in Vista and XP, but the text-based data in the 'Processes' tab shows the CPU time each process is using - you can sort by CPU time and see if one is hogging things (the idle process will always be on top - a computer spends most of its life waiting for something to do).

Once you have an idea of the system at idle, launch Outlook or your Webmail app and see if the freezeup is actually a case of the system getting loaded to the max and becoming unresponsive.  High system loading will slow down the Task Manager display update but you should be able to see some changes, albeit slowly.  If it's a real freezup the Task Manager displays won't  update at all, of course, and the 'Vulcan nerve pinch' Ctrl-Alt-Del combination will be ineffective.

If you have a real freezeup, a reload of the system software may or may not fix it - if it's happening in Outlook only you could reinstall Outlook.  Some system freezes in Webmail applications are caused by Internet Explorer toolbar applications (Yahoo toolbar apps, for example) - turn these off and see if that helps.

As far as other software goes, msconfig (do Start-Run-msconfig) is useful if you want to prevent some programs/services to start at boot up.  In order for it to be effective you have to know what to look for - here's a tutorial on MSCONFIG:

http://www.netsquirrel.com/msconfig/msconfig_xp.html

and a more exhaustive description from Microsoft:

http://support.microsoft.com/kb/310560

Both of the above are directed at XP - if you have Vista there are other sites that would be useful - just Google on MSCONFIG.

wb
0
 
Press2EscCommented:
Task Manager 201...
  click on the Processes tab.  there may be several column headings (e.g., Image Name, PID, USer name, CPU, Memory Usages, etc) - click on CPU letters 2x. In percentage of CPU resources, you will what resource(s) are taking up the CPU horsepower...  If System Idle Process is the 90's, your likely NOT a running process.

At the very bottom of the Task Mgr Window, what numbers are listed at "Processes:" and "CPU Usage:"??

P2E
0
 
crm-servAuthor Commented:
Thanks, I'll followup with the guidance you have provided.
0
 
crm-servAuthor Commented:
I am sorry to say that owner of the problem PC opted out on trying to solve the problem.

I thank you for what I consider to be very helpful guidance in an effort to correctly diagnose and fix the underlying problem.

I believe you provided clear and accurate suggestions for a solution and I regret that we could not confirm the results.

Again thank you all for your help with this.

crm-serv
0
 
Press2EscCommented:
It happens...  and understandably so.  PC issues can be extremely expensive & frustrating for non-technical and business end-users.  kinda, like a car that intermittently start up each time you turn the ignition key.   P2E
0
 
warrenbucklesCommented:
' kinda, like a car that intermittently start up each time you turn the ignition key.  '

Yes, but you shouldn't replace the engine when that happens!
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 5
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now