Solved

email spam question

Posted on 2013-01-22
Last Modified: 2013-01-24
There are 2 cases I have faced with email spam issues.
One is a user who has Outlook installed on his computer; for some reason he keeps getting bouncebacks from the local Exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware was found on his computer. It seems someone spoofed his email address. How could the spammer have found his email address?

The 2nd one is a different user. He only uses Gmail, and only through the webmail. He installed a Firefox extension to notify him of new emails. For some reason, he is sending spam to all his contacts... How can this happen?
Question by:okamon
6 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 225 total points
ID: 38806440
First case: Spammers scour the web for any email addresses they can get. I see all kinds of spam (never into Outlook) that uses my email address and purports to be some legitimate company. It will point to a dodgy website - never deceive yourself on this.

Second case: The user has gone somewhere dodgy and the website has infected the smtp setup causing email to be sent to the user's contact list. I see this as much with Outlook as with gmail.

... Thinkpads_User
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 225 total points
ID: 38806455
The first case is email spoofing... spammers can spoof the sender's address quite easily. If they are able to glean the address from the internet, they just insert it in the sender field. When any spam emails fail to reach the destination, the spoofed sender gets the NDR, not the spammer.

The second is a primary reason for not using web based email accounts to store contacts. When the browser gets compromised, there go your contacts.
0
 

Author Comment

by:okamon
ID: 38807038
>> the website has infected the smtp setup causing email to be sent to the user's contact list

The Gmail account is not set up in Outlook or any email client. The user only uses the Gmail webmail.
So how is the SMTP setup causing the issue?

>>When the browser gets compromised, there go your contacts...

But Gmail should end the session itself after a certain period, so how did they get access?
Is it the webmail Firefox plugin I use that is causing it? I checked the sent items in Gmail, and it looks like it was sent from Gmail, not spoofed! Should I change the password ASAP?
0

 
LVL 90

Expert Comment

by:John Hurst
ID: 38807081
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

>> is it the webmail firefox plugin I .... should I change password asap?

I would and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool. If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links: "Let me speed up your computer". This will concentrate on stopping the problem rather than trying to determine how it occurred.

.... Thinkpads_User
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 38807195
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
0
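Added example, not part of any post in this thread: a receiving-side check that separates the two cases discussed here, a From address that nobody authenticated versus mail that really left through the account's own provider. The sample messages are constructed, and the authserv-id `mx.example.org` and the verdict names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: the id your own inbound server stamps
# Constructed sample: From claims abc.com, but another host actually sent it.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=abc.com\n"
    "From: luc@abc.com\nTo: someone@example.org\nSubject: constructed\n\nbody\n"
)
# Constructed sample: really submitted through the account's provider.
FROM_ACCOUNT = (
    "Return-Path: <user@gmail.com>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gmail.com;"
    " dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com\n"
    "From: user@gmail.com\nTo: friend@example.org\nSubject: constructed\n\nbody\n"
)
# Constructed sample: the only Authentication-Results header was not added by us.
UNTRUSTED = SPOOFED.replace("mx.example.org;", "mx.unknown.example;")

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """spf/dkim/dmarc verdicts, read only from headers stamped by our own server."""
    found = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # any upstream sender can insert a forged header; ignore it
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            found.setdefault(method.lower(), verdict.lower())
    return found

def classify(raw):
    """Return (verdict, from_domain, envelope_domain) for one raw message."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain(msg.get("From", "")), domain(msg.get("Return-Path", ""))
    res = auth_results(msg)
    if not res:
        return "unknown", from_dom, env_dom          # no trustworthy evidence
    if res.get("dmarc") == "pass":
        return "sent-via-domain", from_dom, env_dom  # left via the From domain's systems
    return "unauthenticated", from_dom, env_dom      # From is only a claim (or a forward)

if __name__ == "__main__":
    print(classify(SPOOFED), classify(FROM_ACCOUNT), classify(UNTRUSTED))
```

A "sent-via-domain" verdict on mail the owner did not write points at the account or its session rather than at a forged header, which is why a password change is the relevant response in the second case.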
 
LVL 90

Expert Comment

by:John Hurst
ID: 38815562
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User
0
