Solved

I think I have a mass mailer on my server, how do I find it and disable it

Posted on 2010-08-31
5
400 Views
Last Modified: 2013-12-06
I think I have a mass mailer virus/bot on my system. I know this because I recieve replys to emials I haven't sent.

Typically it will look like this


Your message did not reach some or all of the intended recipients.

      Subject:      Better sex with organ pills
      Sent:      8/27/2010 3:04 PM

The following recipient(s) cannot be reached:

      Greg McLandsborough on 8/27/2010 3:03 PM
            The e-mail address could not be found.  Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address.  Check the address and try again.
            < franklin.ultrafast.com.au #5.1.0 SMTP; 554 5.1.0 Sender Denied>

I also occasionally recieve Out of office replys from my contacts in my address book, to whom I have not sent an email.

I have a static Ip and use Exchange for my email system, and have 5 PC running of the Server. I have Trend Micro set up as a virus scanner.

Can anyone give me some advice on how to stop these virus/bots etc
0
Comment
Question by:GregMcL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Expert Comment

by:jtokarchuk
ID: 33573095
Get your network off of the internet to start with. You are probably going to end up SMTP blacklisted. (www.spamhaus.org)

Get multiple virus scans running on each machine and your server (combofix, malwarebytes, panda activescan to name a few) to clean them out.

I reccommend dropping in a filtering box such as Untangle to control your internet traffic. They have some pretty good spam and spyware/virus guarding, but you get what you pay for. (is free but only so good until you pay for other options)
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 33573106
You are MOST LIKELY misunderstanding.  ANYONE can send an e-mail message and CLAIM it's from you're e-mail address.   Many malicious programs will simply grab a "random" e-mail address and stick it into the "from" field.  They could get the address from a person's address book of which you are a contact or a random list from somewhere else.  There is virtually nothing you can do about these bounce messages.What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.You can also review the headers of the e-mail messages for any clue that your mail server actually sent the message (probably, the only reference you'll have to your mail server is a message that it received the bounce message).
0
 

Author Comment

by:GregMcL
ID: 33573197
Is it possible to verify the security of my system ?
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 33573208
I'll repeat:
What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.

I assume you understand that appropriate anti-malware software means anti-virus and anti-rootkit software that you should have handy and be able to download from various anti-virus sites.  
0
 
LVL 2

Expert Comment

by:jtokarchuk
ID: 33573218
Take your network off the internet (off of business hours, assuming a business network?) and see if the bounced emails continue. As Leew said, use mxtoolbox.com and see if you have any blacklist records, that will be a pretty clear cut answer for you.

If you have a smart switch, monitor port 25 on your server's switch port.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question