I think that if you look at the headers of the emails that say that are from accounts on your domain, you will see they never went through your SMTP to be authenticated and be sent you. Often times a virus like that will have it's own SMTP engine in it and the infected user becomes an unknowing outgoing mail server. The virus writers are trying to get people to open emails from "official" looking addresses ( support, service, info, admin ). If out of 100 people that get the attachment, only 1 opens it, it is still a victory for the virus writer.
Jeremy Stewart Software Engineer Gibbs & Associates -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ajay.kulkarni Sent: Thursday, June 09, 2005 7:52 AM To: [email protected] Subject: RE: [IMail Forum] Emails from not existing accounts Well can someone explain me how these viruses can connect to the SMTPD service when the SMTP service requires authentication. Doesn't this mean a user within the domain is infected with the virus as it's using his authentication to connect to the service? Please tell me if I am wrong... Ajay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Herzog Sent: Thursday, June 09, 2005 9:31 AM To: [email protected] Subject: RE: [IMail Forum] Emails from not existing accounts A few new variants of the Mytob virus were not being picked up by our antivirus this past weekend. From your explanation, it sounds like you could have received the same junk. Symantec has released a stand-alone utility to scan for all known variants. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Shepherd Sent: Thursday, June 09, 2005 9:03 AM To: [email protected] Subject: [IMail Forum] Emails from not existing accounts I am getting complains from email users of virus detection from accounts that do not exist using my domain name. Some of the non existing usernames are service, info, register, etc. Some have zip files attached called information, or account details. When I scan the emails for viruses, no virus is found. It sounds like a virus? Any Suggestions would be appreciated. Greg Shepherd Catalyst Manufacturing Services, Inc Engineering Manager 2507 Wayne Street Endicott, New York 13760 Phone: 607-786-6300 x328 Fax: 607-748-8557 Email: [EMAIL PROTECTED] **************************************************************************** The contents of this email and any attachments may be privileged, Confidential, and protected from disclosure. It is intended only for the use of the individual to whom it is addressed. Access to this email by anyone else is unauthorized. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Additional assistance can be obtained by emailing [EMAIL PROTECTED] Thank you. **************************************************************************** To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
