email spam question

There are 2 cases I have faced with 2 email spam issues.
One is a user who has Outlook installed on his computer; for some reason he keeps getting bouncebacks from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?

And the 2nd one is a different user; he only uses Gmail and he only uses the webmail. He installed a Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts... How can this happen?
okamon Asked:
 
John Hurst, Business Consultant (Owner), Commented:
First case: Spammers scour the web for any email addresses they can get. I see all kinds of spam (never into Outlook) that uses my email address and purports to be some legitimate company. It will point to a dodgy website - never deceive yourself on this.

Second case: The user has gone somewhere dodgy and the website has infected the smtp setup causing email to be sent to the user's contact list. I see this as much with Outlook as with gmail.

... Thinkpads_User
0
 
Gary Coltharp, Sr. Systems Engineer, Commented:
The first case is email spoofing... spammers can spoof the sender's address quite easily. If they are able to glean the address from the internet, they just insert it in the sender field. When any spam emails fail to reach the destination, the spoofed sender gets the NDR, not the spammer.

The second is a primary reason for not using web based email accounts to store contacts. When the browser gets compromised, there go your contacts.
0
 
okamon (Author) Commented:
>> the website has infected the smtp setup causing email to be sent to the user's contact list

The Gmail is not set up using Outlook or any email client. The user only uses the Gmail webmail.
So how is the SMTP setup causing the issue?

>>When the browser gets compromised, there go your contacts...

But Gmail should end the session itself after a certain period, so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change the password ASAP?
0
 
John Hurst, Business Consultant (Owner), Commented:
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

>> is it the webmail firefox plugin I .... should I change password asap?

I would, and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool. If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links ("Let me speed up your computer"). This will concentrate on stopping the problem rather than trying to determine how it occurred.

.... Thinkpads_User
0
 
Gary Coltharp, Sr. Systems Engineer, Commented:
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
0
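
Added example (not code from the thread or its participants): the spoofing described in the answers above leaves evidence in the headers the receiving server records, even when the visible From line looks genuine. This Python sketch compares the From domain with the envelope sender in Return-Path and reads the SPF/DKIM/DMARC verdicts from Authentication-Results; both sample messages are constructed, and the host name mx.example.org and the recipient address are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_signals(raw_message):
    """List reasons the visible From address of a message should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])  # envelope sender: where an NDR is sent
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    signals = []
    # A mismatch alone also occurs with mailing lists; treat it as a signal, not proof.
    if env_dom and env_dom != from_dom:
        signals.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    for check in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(check, "missing")
        if verdict != "pass":
            signals.append(f"{check}={verdict}")
    return signals

# Constructed sample: forged From line, sent through an unrelated mailer.
SPOOFED = """Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=disneyland.com
From: Mickey Mouse <mickeymouse@disneyland.com>
To: user@example.org
Subject: hello

body
"""

# Constructed sample: the same visible sender with aligned, passing checks.
GENUINE = """Return-Path: <news@disneyland.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=disneyland.com;
 dkim=pass header.d=disneyland.com; dmarc=pass header.from=disneyland.com
From: Mickey Mouse <mickeymouse@disneyland.com>
To: user@example.org
Subject: hello

body
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, spoof_signals(raw))
```
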
 
John HurstBusiness Consultant (Owner)Commented:
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User
0