I think I have a mass mailer on my server, how do I find it and disable it

Posted on 2010-08-31
Medium Priority
Last Modified: 2013-12-06
I think I have a mass mailer virus/bot on my system. I know this because I recieve replys to emials I haven't sent.

Typically it will look like this

Your message did not reach some or all of the intended recipients.

      Subject:      Better sex with organ pills
      Sent:      8/27/2010 3:04 PM

The following recipient(s) cannot be reached:

      Greg McLandsborough on 8/27/2010 3:03 PM
            The e-mail address could not be found.  Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address.  Check the address and try again.
            < franklin.ultrafast.com.au #5.1.0 SMTP; 554 5.1.0 Sender Denied>

I also occasionally recieve Out of office replys from my contacts in my address book, to whom I have not sent an email.

I have a static Ip and use Exchange for my email system, and have 5 PC running of the Server. I have Trend Micro set up as a virus scanner.

Can anyone give me some advice on how to stop these virus/bots etc
Question by:GregMcL
  • 2
  • 2

Expert Comment

ID: 33573095
Get your network off of the internet to start with. You are probably going to end up SMTP blacklisted. (www.spamhaus.org)

Get multiple virus scans running on each machine and your server (combofix, malwarebytes, panda activescan to name a few) to clean them out.

I reccommend dropping in a filtering box such as Untangle to control your internet traffic. They have some pretty good spam and spyware/virus guarding, but you get what you pay for. (is free but only so good until you pay for other options)
LVL 97

Accepted Solution

Lee W, MVP earned 2000 total points
ID: 33573106
You are MOST LIKELY misunderstanding.  ANYONE can send an e-mail message and CLAIM it's from you're e-mail address.   Many malicious programs will simply grab a "random" e-mail address and stick it into the "from" field.  They could get the address from a person's address book of which you are a contact or a random list from somewhere else.  There is virtually nothing you can do about these bounce messages.What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.You can also review the headers of the e-mail messages for any clue that your mail server actually sent the message (probably, the only reference you'll have to your mail server is a message that it received the bounce message).

Author Comment

ID: 33573197
Is it possible to verify the security of my system ?
LVL 97

Expert Comment

by:Lee W, MVP
ID: 33573208
I'll repeat:
What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.

I assume you understand that appropriate anti-malware software means anti-virus and anti-rootkit software that you should have handy and be able to download from various anti-virus sites.  

Expert Comment

ID: 33573218
Take your network off the internet (off of business hours, assuming a business network?) and see if the bounced emails continue. As Leew said, use mxtoolbox.com and see if you have any blacklist records, that will be a pretty clear cut answer for you.

If you have a smart switch, monitor port 25 on your server's switch port.

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question