HudsonHealth
asked on
SPAM Generated from Corporate Account
I have a user that was sending out SPAM, one being the Nigerian Scam. It was sending emails (as I saw these in her Sent Items folder) with the sender address of her account name. There was a large recipient list of all different domains with the same user name. It appeared some of these were legitimate email addresses, as some replied back. Then a flood of NDRs came in. All this added to a backup of email delivery along with being blocked by some outside mail servers. I'm looking to find out how this could have happened. Our environment is very secure. No viruses detected. User has only 4 email addresses in her address book. Could the user really have created this issue by clicking on a URL within one of the emails received?
If the user's PC is infected with a mass mailer, you should be able to view outgoing requests on port 25 using Wireshark or something similar. If that is the case, Malwarebytes (like alanhardisty suggested) should be a good starting point. Also, you might want to run HijackThis and ComboFix to see what else is happening with the PC.
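An added example, not part of the original reply: one way to check for the direct port-25 traffic described above once a capture or firewall log has been summarised as flow records. The record layout, the relay address 10.0.0.5 and the function name are assumptions for illustration, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

MAIL_RELAYS = {"10.0.0.5"}  # assumption: the only hosts expected to speak SMTP outbound
SMTP_PORT = 25

# Constructed sample records: "time src dst dport" (documentation address ranges)
SAMPLE_FLOWS = """\
# time src dst dport
2024-01-01T09:00:01 10.0.0.25 10.0.0.5 25
2024-01-01T09:00:02 10.0.0.5 192.0.2.10 25
2024-01-01T09:00:03 10.0.0.41 192.0.2.10 25
2024-01-01T09:00:03 10.0.0.41 198.51.100.7 25
2024-01-01T09:00:04 10.0.0.41 203.0.113.9 25
2024-01-01T09:00:04 10.0.0.41 203.0.113.9 25
2024-01-01T09:00:05 10.0.0.25 203.0.113.80 443
2024-01-01T09:00:06 10.0.0.30 198.51.100.7 25
truncated-line 10.0.0.41
"""

def direct_smtp_sources(flow_text, relays=MAIL_RELAYS, min_destinations=2):
    """Return {src_ip: (connections, distinct_destinations)} for hosts that
    open port-25 connections themselves instead of going through a relay."""
    seen = defaultdict(list)
    for line in flow_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 4:
            continue  # header, blank or truncated record
        _, src, dst, dport = fields
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # malformed address or port
        # Mail handed to the relay, or sent by the relay itself, is expected.
        if port != SMTP_PORT or src in relays or dst in relays:
            continue
        seen[src].append(dst)
    return {src: (len(dsts), len(set(dsts)))
            for src, dsts in seen.items()
            if len(set(dsts)) >= min_destinations}

if __name__ == "__main__":
    for host, (conns, dests) in direct_smtp_sources(SAMPLE_FLOWS).items():
        print(f"{host}: {conns} direct SMTP connections to {dests} servers")
```

A workstation that appears in the result is contacting mail servers directly; one that only ever talks to the relay on port 25 does not appear.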
Have you run a full virus scan?