except our user didn't send any messages with viruses! We've been getting several of the following emails per day. The infected emails all have the W32/CIH.1003.A virus and originate from the IP 219.150.156.3.
I did a full scan of this user's computer with Trojan Remover, NAV, and AVG, installed ZoneAlarm and came up with nothing. So I don't think we are sending out these emails, but rather this 219.150.156.3 person/machine is somehow spoofing our user's email address and sending out infected emails. So far, I have seen it send emails to 3 addresses in wtc's address book.
Any suggestions? Thank God these are being intercepted, but what if a more malicious virus got through? I know the CIH virus isn't very dangerous against win2k, but it's damn annoying to see that someone or something is sending out infected emails using our name.
:|
----- Original Message -----
From: "System Anti-Virus Administrator" <admin@webmailxxx.net>
To: <wtc@ourcompany.com>
Sent: Tuesday, October 21, 2003 2:53 PM
Subject: virus found in sent message "Happy Allhallowmas"
>>
>> Attention: wtc@ourcompany.com
>>
>>
>> A virus was found in an Email message you sent.
>> This Email scanner intercepted it and stopped the entire message
>> reaching its destination.
>>
>> The virus was reported to be:
>>
>> W32/CIH.1003.A
>>
>>
>> Please update your virus scanner or contact your IT support
>> personnel as soon as possible as you have a virus on your system.
>>
>>
>> Your message was sent with the following envelope:
>>
>> MAIL FROM: wtc@ourcompany.com
>> RCPT TO: someone@addressbook
>>
>> ... and with the following headers:
>>
>> ---
>> MAILFROM: wtc@ourcompany.com
>> Received: from unknown (HELO Xptv) (219.150.156.3)
>> by 0 with SMTP; 21 Oct 2003 06:53:43 -0000
>> From: xxt <xxt@kele8.com>   [this usually had wtc@ourcompany.com; this was the first instance of this xxt@kele8.com appearing]
>> To: someone@addressbook
>> Subject: Happy Allhallowmas
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>> boundary=X3F0lCZ2l83
>>
>>
>> ---
>>
>>
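An added example, not part of the original post: one way to triage notices like the one above is to pull out the connecting IP from the `Received:` line (recorded by the receiving server) and compare it with the addresses your own mail actually leaves from, since `MAIL FROM` and `From:` are supplied by the sender. `OUR_OUTBOUND_NETS` is a constructed placeholder range and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: networks our own mail servers send from (constructed RFC 5737 range).
OUR_OUTBOUND_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Quoted part of the notification above, ">>" prefixes kept as received.
NOTICE = """\
>> MAIL FROM: wtc@ourcompany.com
>> RCPT TO: someone@addressbook
>> ---
>> MAILFROM: wtc@ourcompany.com
>> Received: from unknown (HELO Xptv) (219.150.156.3)
>> by 0 with SMTP; 21 Oct 2003 06:53:43 -0000
>> From: xxt <xxt@kele8.com>
>> To: someone@addressbook
>> Subject: Happy Allhallowmas
"""

def parse_notice(text):
    """Extract envelope sender, header From and connecting IP from a notice."""
    # Strip reply-quote markers so the header regexes can anchor on line starts.
    body = "\n".join(re.sub(r"^\s*(>\s*)+", "", l).strip()
                     for l in text.splitlines())
    def first(pattern):
        m = re.search(pattern, body, re.M)
        return m.group(1) if m else None
    return {
        "envelope_from": first(r"^MAIL FROM:\s*<?([^\s>]+)"),
        "header_from": first(r"^From:.*?<?([\w.+-]+@[\w.-]+)"),
        "relay_ip": first(r"^Received: from .*?\((\d{1,3}(?:\.\d{1,3}){3})\)"),
    }

def assess(notice, our_nets=OUR_OUTBOUND_NETS):
    """Decide whether the flagged message could have left our own network."""
    info = parse_notice(notice)
    if info["relay_ip"] is None:
        raise ValueError("no connecting IP found in Received: line")
    ip = ipaddress.ip_address(info["relay_ip"])
    info["from_our_network"] = any(ip in net for net in our_nets)
    # Sender-supplied fields disagreeing is a further hint of forgery.
    info["from_mismatch"] = (info["envelope_from"] or "").lower() != \
                            (info["header_from"] or "").lower()
    info["verdict"] = ("sent via our servers: investigate the host"
                       if info["from_our_network"]
                       else "forged sender: not sent from our network")
    return info
```

Run over a mailbox of such notices, this separates the ones that need a host investigation from the ones that only show the address being forged elsewhere.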