HudsonHealth


SPAM Generated from Corporate Account

I have a user that was sending out SPAM, one being the Nigerian Scam. It was sending emails (as I saw these in her Sent Items folder) with the sender address of her account name. There was a large recipient list of all different domains with the same user name. It appeared some of these were legitimate email addresses, as some replied back. Then a flood of NDRs came in. All this added to a backup of email delivery along with being blocked by some outside mail servers. I'm looking to find out how this could have happened. Our environment is very secure. No viruses detected. User has only 4 email addresses in her address book. Could the user really have created this issue by clicking on a URL within one of the emails received?
mrroonie

Sounds like a mass mailer is lurking in the machine somewhere, although I've never heard of any mass mailers that would put the spam into Sent Items.

Have you run a full virus scan?
ASKER CERTIFIED SOLUTION
Alan Hardisty
This solution is only available to members.
Mandeep Khalsa

If the user's PC is infected with a mass mailer, you should be able to view outgoing requests on port 25 using Wireshark or something similar. If that is the case, Malwarebytes (like alanhardisty suggested) should be a good starting point. Also, you might want to run HijackThis and ComboFix to see what else is happening with the PC.
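
The port 25 check suggested in the reply above, as an added example that is not part of the original thread: it takes a packet capture exported to tab-separated rows and reports internal hosts, other than the mail server, that open SMTP connections straight to many external hosts. The sample rows, the `10.0.0.0/24` range, the mail server address and the threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not from the thread): epoch time, source IP, destination IP
# for TCP SYNs to port 25, tab-separated as tshark prints them with
#   tshark -r capture.pcap -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0"
#          -T fields -e frame.time_epoch -e ip.src -e ip.dst
SAMPLE = (
    "1700000000.10\t10.0.0.5\t198.51.100.10\n"   # mail server, expected
    "1700000001.20\t10.0.0.23\t198.51.100.10\n"  # workstation -> external host
    "1700000001.90\t10.0.0.23\t203.0.113.9\n"
    "1700000002.40\t10.0.0.23\t192.0.2.25\n"
    "1700000002.70\t10.0.0.23\t198.51.100.77\n"
    "1700000003.00\t10.0.0.40\t10.0.0.5\n"       # client submitting to internal server
    "1700000003.50\t10.0.0.40\t192.0.2.25\n"     # single hit, below threshold
    "truncated line\n"                            # malformed row, skipped
)

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumption: the LAN range
MAIL_SERVERS = {"10.0.0.5"}  # assumption: only host allowed to send SMTP out
THRESHOLD = 3                # assumption: distinct external hosts before flagging


def parse_rows(text):
    """Yield (src, dst) address pairs, skipping rows that do not parse."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        try:
            float(parts[0])  # timestamp must be numeric
            yield ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue


def direct_smtp_senders(text, threshold=THRESHOLD):
    """Map each internal non-mail-server host to the external SMTP hosts it contacted."""
    seen = defaultdict(set)
    for src, dst in parse_rows(text):
        if src in INTERNAL_NET and dst not in INTERNAL_NET and str(src) not in MAIL_SERVERS:
            seen[str(src)].add(str(dst))
    return {host: sorted(d) for host, d in seen.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, targets in direct_smtp_senders(SAMPLE).items():
        print(f"{host} opened SMTP connections to {len(targets)} external hosts: {targets}")
```

A workstation that sends through the corporate mail server never appears in this output, so an empty result for the user's PC shifts attention to the mail server's own logs.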