One of my users started receiving hundreds of emails with failed delivery reports of an email he never sent himself - it contains a zip file attachment, and inside the zip file is an executable, definitely bogus.
How do I make sure this is terminated? He changed his password immediately. It is odd that nothing shows up in his sent items folder either. I'm not sure how these types of email account hijacking viruses work, so am hoping for someone more knowledgeable to pipe in!
He is starting to receive all sorts of emails back from people notifying him of the spam email. I checked mail flow on my exchange server and can see all of the sent emails. How do I put a stop to this??