crm-serv

High Spam Volume From Trusted Users

Outlook is receiving huge volumes of messages that are shown to be from people I normally accept email from.  The messages that are arriving have old dates on them - all have 2007 dates.

Outlook is being used to download email from an AT&T account.  When I log into the email account using webmail I do not find this large volume of spam.

What could be causing this kind of spamming?
ASKER CERTIFIED SOLUTION
warrenbuckles

Unless you told Outlook to leave a copy of the email on the server, once Outlook has downloaded a message it is removed from your mail server. This explains why you didn't see them when you logged into your webmail: they are now in your Outlook and have been removed from the server.

Check the header of the message. The FROM address may have been spoofed (i.e. it shows the message as originating from personA when it is actually from someone else - typical of a virus infection on the offending computer).
crm-serv

ASKER

If the messages are coming from an infected external source what can be done to block them?
SOLUTION
I'm still not sure you are seeing spam/malware.  

This is similar to a situation I had a few years ago:  For about a year - Outlook was set up to leave messages on the server and only remove messages I explicitly deleted.  Everything worked just fine - then I noticed I had set the 'leave messages on server' flag.  I unchecked it and got a flood of 'old' e-mail. (hundreds of messages - it took quite a while to download them all).  This sounds like the situation you are describing.  However, my AV software didn't flag the messages as spam.

Are these messages being flagged as infected by your AV software?

If so, what is the payload's identity?

P2E's suggestion is a good one - unfortunately most spam originates from botnets and has a wide range of originating IP addresses - assuming the originating IP address isn't spoofed.

I'm really puzzled by the dates on your messages - spam/malware from 2007 seems a bit outdated and I'm not sure what the motivation of a spammer would be to use dates like this - it should be easy to block using a date-sensitive filter - reject all messages with 'sent' dates older than, say, three days ago.

wb
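
The two checks suggested in this thread (inspect the headers for a spoofed From, and filter on 'sent' dates older than about three days), as an added example that is not part of the original posts. It goes one step further and compares the sender-supplied Date with the timestamp in the topmost Received header, which separates genuinely old mail being re-downloaded from new deliveries carrying a stale date. It assumes messages saved as raw text; the function names and sample messages are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

MAX_AGE = timedelta(days=3)  # "older than, say, three days" from the thread

def parse_date(value):
    """Parse an RFC 2822 date; None if missing or malformed."""
    try:
        dt = parsedate_to_datetime(value.strip())
    except (AttributeError, TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def triage(raw, now):
    """Return a list of flags for one raw message (headers + body)."""
    msg = message_from_string(raw)
    flags = []
    # Return-Path is the envelope sender recorded at delivery; a From domain
    # that differs is a spoofing hint (mailing lists also differ, so not proof).
    if msg["Return-Path"] and domain_of(msg["From"]) != domain_of(msg["Return-Path"]):
        flags.append("from-vs-return-path-mismatch")
    sent = parse_date(msg["Date"])  # set by the sender, trivially forged
    hops = msg.get_all("Received") or []
    # Topmost Received line is stamped by the recipient's own mail server.
    arrived = parse_date(hops[0].rpartition(";")[2]) if hops else None
    if sent is None:
        flags.append("bad-date")
    elif now - sent > MAX_AGE:
        if arrived and abs(arrived - sent) <= MAX_AGE:
            flags.append("old-mail-redownloaded")  # really delivered back then
        else:
            flags.append("stale-date-on-new-delivery")  # filter candidate
    return flags

# Constructed sample data (not from the thread); NOW stands in for the current time.
NOW = datetime(2009, 6, 1, 12, 0, tzinfo=timezone.utc)
HDR = "Return-Path: <{rp}>\nReceived: from relay by mx.isp.example; {rcv}\nFrom: Alice <alice@example.com>\nDate: {date}\nSubject: hi\n\nbody\n"
OLD = HDR.format(rp="alice@example.com", rcv="Tue, 13 Mar 2007 09:16:02 -0500", date="Tue, 13 Mar 2007 09:15:00 -0500")
FORGED = HDR.format(rp="bounce@bulk.example.net", rcv="Mon, 1 Jun 2009 03:00:00 +0000", date="Tue, 13 Mar 2007 09:15:00 -0500")
FRESH = HDR.format(rp="alice@example.com", rcv="Mon, 1 Jun 2009 08:00:05 +0000", date="Mon, 1 Jun 2009 08:00:00 +0000")

if __name__ == "__main__":
    for name, raw in (("OLD", OLD), ("FORGED", FORGED), ("FRESH", FRESH)):
        print(name, triage(raw, NOW))
```
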
Thank you both for the input.  I hope by end of this week to be able to test the procedures and ideas you both have proposed.  I will post findings here.
I found that Outlook was set to save messages on the server.  IPs for the old messages being downloaded seem to be valid but vary.

Also I am now seeing that the PC freezes when accessing the same email account by webmail.

I have recommended to the owner that we restore using the factory image for his system.  

Any concern with that approach with what I have been able to supply as symptoms?
Of course, if you do not back up the user's data, when you restore you will lose it... The PC freezing and webmail/Outlook issues are likely not directly related.  

You can check the (PC) Task Manager to assess the system resources and running processes. I would also update/run their antispyware pgm, check msconfig for unnecessary or questionable startup files, etc...

P2E
Rolling back to the original configuration is a pretty drastic solution.  As P2E says, it will wipe out all user settings, data and software installed after the system was received.  In some cases it is the only solution - when a system is corrupted by failing hardware or severe malware infection (root kits, for example, although a reinstall may not remove some particularly nasty root kits).

I agree with P2E: the system sounds like it is running under a very heavy load.  You might want to wait on the reload until you have a better idea of the cause of the problem - if the system is just overloaded reloading the OS will not fix the problem.

I don't know how your system is setup - could you let us know what you have (Make/XP or Vista/CPU/RAM/HDD)?

Start Task Manager after the system is booted but not running anything besides the normal startup programs.  Look at the 'Performance' tab - see how much CPU load you have and what the memory usage is.  The TM graphic displays are a little  different in Vista and XP, but the text-based data in the 'Processes' tab shows the CPU time each process is using - you can sort by CPU time and see if one is hogging things (the idle process will always be on top - a computer spends most of its life waiting for something to do).

Once you have an idea of the system at idle, launch Outlook or your Webmail app and see if the freezeup is actually a case of the system getting loaded to the max and becoming unresponsive.  High system loading will slow down the Task Manager display update but you should be able to see some changes, albeit slowly.  If it's a real freezeup the Task Manager displays won't update at all, of course, and the 'Vulcan nerve pinch' Ctrl-Alt-Del combination will be ineffective.

If you have a real freezeup, a reload of the system software may or may not fix it - if it's happening in Outlook only you could reinstall Outlook.  Some system freezes in Webmail applications are caused by Internet Explorer toolbar applications (Yahoo toolbar apps, for example) - turn these off and see if that helps.

As far as other software goes, msconfig (do Start-Run-msconfig) is useful if you want to prevent some programs/services from starting at boot up.  In order for it to be effective you have to know what to look for - here's a tutorial on MSCONFIG:

http://www.netsquirrel.com/msconfig/msconfig_xp.html

and a more exhaustive description from Microsoft:

http://support.microsoft.com/kb/310560

Both of the above are directed at XP - if you have Vista there are other sites that would be useful - just Google on MSCONFIG.

wb
Task Manager 201...
  Click on the Processes tab.  There may be several column headings (e.g., Image Name, PID, User Name, CPU, Memory Usages, etc) - click on CPU letters 2x. In percentage of CPU resources, you will see what resource(s) are taking up the CPU horsepower...  If System Idle Process is in the 90's, it's likely NOT a running process.

At the very bottom of the Task Mgr Window, what numbers are listed at "Processes:" and "CPU Usage:"??

P2E
Thanks, I'll follow up with the guidance you have provided.
I am sorry to say that the owner of the problem PC opted out on trying to solve the problem.

I thank you for what I consider to be very helpful guidance in an effort to correctly diagnose and fix the underlying problem.

I believe you provided clear and accurate suggestions for a solution and I regret that we could not confirm the results.

Again thank you all for your help with this.

crm-serv
It happens...  and understandably so.  PC issues can be extremely expensive & frustrating for non-technical and business end-users.  Kinda like a car that intermittently starts up each time you turn the ignition key.   P2E
' Kinda like a car that intermittently starts up each time you turn the ignition key.  '

Yes, but you shouldn't replace the engine when that happens!