Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I find the source of email with malware in the attachments?

Posted on 2014-12-01
3
Medium Priority
?
137 Views
Last Modified: 2015-01-15
Hello Experts,

Every day different users on our domain receive email which contains malware.  The senders seem to related:  manager@somestore.com or shipping@adifferentstore.com.  Sometimes, it's UPS or DHL or something else.

I am using Symantec Antivirus for Exchange and I am blocking all executables in all email, so I see quarantined emails left and right.  

My question:  is there a way to identify the actual source of these are coming from?  Does this indicate that the problem is coming from one machine and that if we clean it this email will stop?

Thanks for your ideas and assistance.
0
Comment
Question by:svillardi
3 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 40474692
Those emails are sent to just about everyone in the world so I don't think it's on your machine.  Keep on blocking them because they are not likely to be stopped anytime soon.  Typically they are being sent by virus infested machines all around the world that are controlled by a network of hackers.  Even if you found one, there would be many left.

Microsoft, Google, the FBI, and others are constantly tracking down these people and shutting them down.  But new ones keep popping up.
0
 

Author Comment

by:svillardi
ID: 40474698
Is there a way to shut these down at the perimeter rather than when they hit the inbox?
0
 
LVL 4

Expert Comment

by:Jerry Mills
ID: 40474708
DHL or UPS is well known malware email delivery vehicle.  Often it comes from malicious person using IP hopping.  Meaning they have a robot network and skip around the world from different IP addresses.  So it is hard to block.

If you want to see source you need to examine the email header.  Source IP will be there - could be Hotmail etc.. but typically it isn't.  Go to http://mxtoolbox.com/ and enter email header for analysis and it typically will show you that the IP is blacklisted.
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question