SPAM Generated from Corporate Account

I have a user that was sending out SPAM, one being the Nigerian Scam.  It was sending emails (as I saw these in her send items folder) with the sender address of her account name.  There was a large recipient list of all different domains with the same user name.  It appeared some one these were legitimate email addressesas some replied back.  Then a flood of NDR's came in.  All this added to a backup of email delivery along with being blocked by some outside mail servers.  I'm looking to find out how this could of happend.  Our environment is very secure.   No viruses detected.  User has only 4 email addresses in her address book.  Could the user really have created this issue by clicking on an url within one of the email received?
HudsonHealthAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mrroonieCommented:
sounds like a mass mailer is lurking in the machine somewhere, altho i've never heard of any mass mailers that would put the spam into sent items.

have you run a full virus scan?
0
Alan HardistyCo-OwnerCommented:
Please download and scan her machine with MalwareBytes - www.malwarebytes.org
Remove anything that it uncovers.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mandeep KhalsaCommented:
If the user's PC is infected with mass mailer you should be able to view outgoing requests on port 25 using WireShark or something similar. If that is the case malwarebytes (like alanhardisty suggested) should be a good starting point. Also you might want to run HijackThis and ComboFix to see what else is happening with the PC.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.