We help IT Professionals succeed at work.
Get Started

Malicious email spreading

717 Views
3 Endorsements
Last Modified: 2018-02-06
A malicious email has been sent out to all contacts from one of our users Outlook that contained a nefarious and potentially damaging link. we requested all staff to remove it from your inbox. We are on Office365 for exchange. This email was sent with subject line:  "Please Docusign: Review Documents"  the message contained a box that said Diane sent you a document to review and sign with Review Document button. Which takes to http:// fishy looking hyperlink.

Many users have now clicked this link already in the email today and I am not sure what outcome we will be dealing with in next couple of days.

What best possible steps to be taken in this scenario ?  So far I have done the following:


1. Isolated this machine and running various scans.
2. Ran the O365 Powershell command to remove this message from all user mailbox
3. Made sure all our backups are secure and running
4. Ran virus scans on all our servers
5. I am currently tracing the IP address from the header of this original email and blocking it through our external email spam filtering company.

What else can we possibly do to avoid wide spread of these emails in next few days ?

The user said he click on this email about "4 days ago" and all of a sudden emails came out of his outlook to all company contacts GAL TODAY. This could mean all the users about ( 30 of them ) that clicked on this email today may have their computers infected as well and could possibly send an email in next few days to all their contacts.

While trying to scan the users computer from which this email was originally sent to all employee, ESET and some other scans could not find any virus or spywares.

This is quite scary and would like some experts thoughts and suggestions.

Thank you in advance.
Comment
Watch Question
Sunil ChauhanConsultant
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 4 Answers and 4 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE