Link to home
Start Free TrialLog in
Avatar of okamon
okamon

asked on

email spam question

there are 2 cases I have faced with 2 email spam issue.
one is the user has outlook installed on his computer for some reason he keeps getting bounceback from the local exchange postmaster saying:
The message or an attachment did not reach the intended recipient(s).
   Subject: To all Employees - Confidential Message
      From: message@securebank.com
        To: luc@abc.com
      Date: Thu, 17 Jan 2013 07:39:23 -0700
    Reason: attachment type policy violation (To ALL Employees.exe)
    Action: deny
------------------------------------------------------------------------------------------------------------
The user never sent to message@securebank.com and no virus or spamware foudn on his computer. it seems someone spoofed his email address.. How could the spammer found his email address?

And the 2nd one is different user he only use gmail and he only use the webmail. He installed the firefox extension to notify him new emails. For some reason, he is sending spam to all his contacts... how can this happen??
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of okamon
okamon

ASKER

>> the website has infected the smtp setup causing email to be sent to the user's contact list

the gmail is nto setup using outlook or any email client. the user only use the gmail web mail.
so how the smtp setup cauign the issue?

>>When the browser gets compromised, there go your contacts...

but the gmail should end the session itself after certain period.. so how they got access?
is it the webmail firefox plugin I use that cauign it and I checked the sent item in gmail, it looks like it was sent from gmail, nto spoofed! should I chnage password asap?
I cannot tell you all the ways spammers compromise smtp servers (there are so many ways), but the likely way is a dodgy email (looks good, but with a virused attachment). It could be doing this through the user's Outlook if contacts are the same in both. Also, even though they are using web mail, they are using it through their browser.

is it the webmail firefox plugin I ....  should I chnage password asap?

I would and use a fairly difficult password to be sure.

Also make sure the users are using a good, corporate level, paid antivirus tool.  If they are using Windows 7, make sure UAC is turned on. People love to click dodgy links "Let me speed up your computer" . This will concentrate on stopping the problem rather than trying to determin how it occurred.

.... Thinkpads_User
All they need to do is compromise the browser to get the contacts. Once that is done, they can send the email spoofed as anyone. I could send you an email right now with an email of mickeymouse@disneyland.com and your mail client would not know the difference.
@okamon - Thank you and I was pleased to help you with this.
.... Thinkpads_User