
email spam question

There are 2 cases I have faced with 2 email spam issues.
One is that the user has Outlook installed on his computer, and for some reason he keeps getting bouncebacks from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?

And the 2nd one is a different user. He only uses Gmail, and he only uses the webmail. He installed the Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts... How can this happen?
Asked: okamon
 
John, Business Consultant (Owner), Commented:
First case: Spammers scour the web for any email addresses they can get. I see all kinds of spam (never into Outlook) that uses my email address and purports to be some legitimate company. It will point to a dodgy website - never deceive yourself on this.

Second case: The user has gone somewhere dodgy and the website has infected the smtp setup causing email to be sent to the user's contact list. I see this as much with Outlook as with gmail.

... Thinkpads_User
 
Gary Coltharp, Sr. Systems Engineer, Commented:
The first case is email spoofing... spammers can spoof the sender's address quite easily. If they are able to glean the address from the internet, they just insert it in the sender field. When any spam emails fail to reach the destination, the spoofed sender gets the NDR, not the spammer.

The second is a primary reason for not using web based email accounts to store contacts. When the browser gets compromised, there go your contacts.
 
okamon (Author) Commented:
>> the website has infected the smtp setup causing email to be sent to the user's contact list

The Gmail is not set up using Outlook or any email client. The user only uses the Gmail webmail.
So how is the SMTP setup causing the issue?

>>When the browser gets compromised, there go your contacts...

But Gmail should end the session itself after a certain period... so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change the password ASAP?
 
John, Business Consultant (Owner), Commented:
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

>> is it the webmail firefox plugin I .... should I change password asap?

I would and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool. If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links ("Let me speed up your computer"). This will concentrate on stopping the problem rather than trying to determine how it occurred.

.... Thinkpads_User
 
Gary Coltharp, Sr. Systems Engineer, Commented:
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
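
Added example, not part of the thread: a mail client displays whatever the From header says, but a receiving server can still compare it with the envelope sender and with the SPF/DKIM/DMARC verdicts recorded in Authentication-Results. The two messages and the hosts mx.example.net and bulk.example.org are constructed for illustration; the sketch assumes the Authentication-Results header was added by your own receiving server and uses an exact domain match rather than full DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims abc.com, but the envelope sender
# (Return-Path) and the receiving server's checks disagree.
SPOOFED = """\
Return-Path: <bounce@bulk.example.org>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=abc.com
From: Luc <luc@abc.com>
To: someone@example.net
Subject: To all Employees - Confidential Message

body
"""

# Constructed sample: the same From address on a message that authenticates.
GENUINE = """\
Return-Path: <luc@abc.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=abc.com;
 dkim=pass header.d=abc.com; dmarc=pass header.from=abc.com
From: Luc <luc@abc.com>
To: someone@example.net
Subject: Lunch

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Summarise the sender-authentication evidence carried by one message."""
    msg = message_from_string(raw)
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "")))
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    reasons = []
    if env_dom != from_dom:
        reasons.append("envelope sender %s != From domain %s" % (env_dom, from_dom))
    if results.get("dmarc") != "pass":
        reasons.append("dmarc=%s" % results.get("dmarc", "missing"))
    return {"from": from_dom, "envelope": env_dom, "auth": results,
            "suspicious": bool(reasons), "reasons": reasons}
```

Both messages show the same From address to the reader; only the envelope sender and the authentication verdicts tell them apart.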
 
John, Business Consultant (Owner), Commented:
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User