RE: Email Type Viruses like Netsky

From: Josh Muehe (JoshMuehe_at_discussions.microsoft.com)
Date: 06/22/04


Date: Tue, 22 Jun 2004 14:18:01 -0700

I also get a very large volume. Anymore I'm rarely concerned by other mail servers' bounces to my users saying they received an infected e-mail from them, since most recent viri do spoof the from address. I've actually turned off notification of outside senders just to avoid panicking innocent 3rd parties.

Short of scanning the machines in your domain for infection, monitor the e-mails coming in. Watch the headers of the inbound virus e-mails to see where they're coming from. This should tell you whether they are generated internally or not. As for the notices from other servers, some of them may include the original e-mails or at least the headers - check those headers.

Also watch your firewall and see if you are seeing a high level of SMTP traffic from your LAN. Most of the recent viri utilize their own SMTP engine so it won't necessarily trigger outbound traffic on your Exchange server.

Having said all that - your client machines should all be running antivirus software. If you're still concerned go ahead and start scanning - better safe than sorry.

"DavidL" wrote:

> We are receiving 100's of emails with infected attachments
> (from the W32.Netsky, W32.Erkez, etc. viruses). Yesterday I
> received over 300. My AntiVirus program that resides on
> the Exchange server deletes the infected attachments and
> sends the bogus emails on to the recipients. This has
> been going on for months.
>
> Are others out there getting this type of volume of email-
> based viruses (e.g. Netsky)?
>
> I am concerned that maybe an infected machine somewhere in
> my domain is sending out the emails. Also users are
> continually getting emails from others outside the company
> notifying them that they are sending them viruses. Each
> time I manually scan the user's machine and do not find
> any viruses (Every machine also has Antivirus software
> installed on it).
>
> How can I make sure that there is not a machine somewhere
> in my Domain that is infected and is sending out the
> viruses?
>
> I realize that the Netsky virus (and other similar
> viruses) spoofs email addresses for both Sender and
> Recipient, so the sender may or may not be infected. But
> how can I be sure that it is not one of my machines that
> is the culprit?
>
> Any input would be GREATLY appreciated!
>
> Thank-you,
>
> David L.
>
>
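
The header check suggested in the reply above, as an added example that is not part of the original post: it ignores the spoofable From: line and reads only the Received header stamped by your own mail server to see which machine actually delivered each infected message. The LAN ranges, the server name `mail.example.com` and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Assumed, hypothetical values: LAN ranges and the host name our gateway
# writes in the "by" clause of the Received headers it adds.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
OUR_MTA = "mail.example.com"
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message, mta=OUR_MTA):
    """IP of the client that handed the message to `mta`, or None.
    Received headers are prepended, so the first one stamped by our own
    server is trustworthy; everything below it (and From:) can be forged.
    """
    for hdr in message_from_string(raw_message).get_all("Received", []):
        hdr = " ".join(hdr.split())          # unfold continuation lines
        by = BY_HOST.search(hdr)
        if by and by.group(1).lower() == mta.lower():
            m = BRACKET_IP.search(hdr[:by.start()])
            try:
                return ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:               # malformed literal, e.g. [999.1.1.1]
                return None
    return None

def internal_senders(raw_messages):
    """Count infected samples per LAN address that submitted them."""
    hits = Counter()
    for raw in raw_messages:
        ip = connecting_ip(raw)
        if ip is not None and any(ip in net for net in LAN_NETS):
            hits[str(ip)] += 1
    return hits

# Constructed samples (not real traffic). Both carry a spoofed From:.
FROM_LAN = (
    "Received: from jdoe-pc ([192.168.1.57]) by mail.example.com with SMTP;\n"
    "From: someone@partner.example\nSubject: Re: Your document\n\n")
FROM_OUTSIDE = (
    "Received: from unknown ([203.0.113.45]) by mail.example.com with SMTP;\n"
    "\tTue, 22 Jun 2004 10:05:40 -0700\n"
    "Received: from mail.example.com ([192.168.1.10]) by relay.invalid;\n"
    "From: ceo@example.com\nSubject: Re: Hello\n\n")

if __name__ == "__main__":
    print(internal_senders([FROM_LAN, FROM_OUTSIDE]))
```

For the headers quoted inside another server's bounce notice, pass that server's name as `mta`; the address returned is then compared against your public IP rather than the LAN ranges.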


