RE: Exchange Security Breach????

2002-09-23 Thread Jeremy I. Shannon 

Perhaps a virus with a fake from address sent to someone else in your organization.  
This happens with Klez, even though I don't think that is a Klez subject line.  

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 4:11 PM
To: Exchange Discussions
Subject: Exchange Security Breach


Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails. Not only that, we were unable to find anything
on his Sent Items folder either. Here is what he received on his inbox from
Postmaster 
 
-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]] 
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome! 

Thanks everyone!
rama

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-20 Thread Martin Blackstone 

Klez. Someone who is infected with it has his name in their address book. 
When Klez sends the virus, it grabs a name from the address book and then
uses it as the FROM 


-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 18, 2002 1:11 PM
To: Exchange Discussions
Subject: Exchange Security Breach


Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails. Not only that, we were unable to find anything
on his Sent Items folder either. Here is what he received on his inbox from
Postmaster 
 
-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]] 
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome! 

Thanks everyone!
rama

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-20 Thread Martin Blackstone 

Slow down MacGyver. Lets not go worst case scenario on him just yet.

While this is always possible, the most likely reason is Klez. I see this
every day [1]

[1] No open relay jokes Andy

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:15 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach


Open telnet session to your exchange server and test it using mail to / mail
from command. Lot of help on it also available on Microsoft KB , search for
open relay.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:10 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-20 Thread Becker, Jim 

Man, I hate Klez.  It's a spammer's dream infection.  This worm has
facilitated the unfettered broadcast of addresses about the countryside
better than a tornado in a trailer park.

-Original Message-
From: Robert Moir [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 11:36 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach


You could start by reading a description of what klez actually does, paying
special attention to the bit about forging emails from totally innocent
people who have nothing to do with the virus infection.

-Original Message- 
From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
Sent: Thu 19/09/2002 16:22 
To: Exchange Discussions 
Cc: 
Subject: RE: Exchange Security Breach



What do you mean don't worry about? By the way we have NetShield and
GroupShield both running on our exchange server and we do block most
of the
extensions (.exe,.vbs, etc.) from coming in.

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:20 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

It's Klez.  Don't worry about it.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
 Posted At: Thursday, September 19, 2002 09:28 AM
 Posted To: MSExchange Mailing List
 Conversation: Exchange Security Breach
 Subject: Exchange Security Breach


 Hello everyone,
 One of my users (unfortunately it's my Supervisor) got an
 alert from Group Shield saying that his attachment (.exe) was
 blocked.  But he swears that he didn't send out any emails. 
 Couldn't argue with that. Not only that, we were unable to
 find anything on his Sent Items folder either. Here is what
 he received on his inbox from Postmaster
 
 -Original Message-
 From: postmaster [mailto:[EMAIL PROTECTED]]
 mailto:[mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 13, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Undeliverable mail--Helvetica
 The following mail can't be sent to [EMAIL PROTECTED]:

 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Helvetica
 The attachment is the original mail
 **
 **
 *
 I just can't seem to find any information on this on the
 internet. Helvetica is a font. That's all I've got so for.
 Could this be a Security breach? Is someone using my exchange
 server? Has anyone received any messages like this before?
 Please help. Any input is welcome!

 Thanks everyone!
 rama



 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]


.+--xm,)䁽r(ື\b耽!䀶0六zǚ鯱r聬:.˛
m隊[hy\z[,䵌)r剄Z Zvhħ+-i٢2哞G(

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-20 Thread Chris Scharff 

www.antivirus.com Read up on Klez, then worry if you'd like. It's certainly
not an Exchange security breach.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 10:23 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 
 What do you mean don't worry about? By the way we have 
 NetShield and GroupShield both running on our exchange server 
 and we do block most of the extensions (.exe,.vbs, etc.) from 
 coming in. 
 
 Rama Arumugam
 Network Administrator
 Wire DynamiX.com
 (253) 395-4527
 
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 8:20 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 It's Klez.  Don't worry about it.
 
  -Original Message-
  From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
  Posted At: Thursday, September 19, 2002 09:28 AM
  Posted To: MSExchange Mailing List
  Conversation: Exchange Security Breach
  Subject: Exchange Security Breach
  
  
  Hello everyone,
  One of my users (unfortunately it's my Supervisor) got an
  alert from Group Shield saying that his attachment (.exe) was 
  blocked.  But he swears that he didn't send out any emails.  
  Couldn't argue with that. Not only that, we were unable to 
  find anything on his Sent Items folder either. Here is what 
  he received on his inbox from Postmaster 
   
  -Original Message-
  From: postmaster [mailto:[EMAIL PROTECTED]]
  mailto:[mailto:[EMAIL PROTECTED]] 
  Sent: Friday, September 13, 2002 2:55 PM
  To: [EMAIL PROTECTED]
  Subject: Undeliverable mail--Helvetica
  The following mail can't be sent to [EMAIL PROTECTED]:
  
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Helvetica
  The attachment is the original mail
  **
  **
  *
  I just can't seem to find any information on this on the
  internet. Helvetica is a font. That's all I've got so for. 
  Could this be a Security breach? Is someone using my exchange 
  server? Has anyone received any messages like this before? 
  Please help. Any input is welcome! 
  
  Thanks everyone!
  rama
  
  
  
  _
  List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
  Archives:   http://www.swynk.com/sitesearch/search.asp
  To unsubscribe: mailto:[EMAIL PROTECTED]
  Exchange List admin:[EMAIL PROTECTED]
  
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-20 Thread Chris Scharff 

Read RFC2821 and RFC2822.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 10:19 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 
 What do you mean by someone else's machine or someone used my 
 boss's email address?  Do you mean some one on the internet 
 has an email address (as an alias may be??)that matches my 
 boss's email address? Thanks!
 
 Rama Arumugam
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 8:18 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 Could also be klez virus (or variant) on someone else's 
 machine as well which used your boss' email address
 
 -Original Message-
 From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 11:15 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 
 Open telnet session to your exchange server and test it using 
 mail to / mail from command. Lot of help on it also available 
 on Microsoft KB , search for open relay.
 
 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 19, 2002 11:10 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 How do I find out if some one is in fact relaying through our 
 server? Thanks!
 
 Rama Arumugam
 Network Administrator
 Wire DynamiX.com
 (253) 395-4527
 
 -Original Message-
 From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 19, 2002 8:11 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 Simple : some one else over the internet sent out an e-mail 
 using his e-mail address . The bounced mail came to him.  Its 
 also possible if some one is relaying through your server.
 
 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 19, 2002 10:28 AM
 To: Exchange Discussions
 Subject: Exchange Security Breach
 
 Hello everyone,
 One of my users (unfortunately it's my Supervisor) got an 
 alert from Group Shield saying that his attachment (.exe) was 
 blocked.  But he swears that he didn't send out any emails.  
 Couldn't argue with that. Not only that, we were unable to 
 find anything on his Sent Items folder either. Here is what 
 he received on his inbox from Postmaster
 
 -Original Message-
 From: postmaster [mailto:[EMAIL PROTECTED]]
 mailto:[mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 13, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Undeliverable mail--Helvetica
 The following mail can't be sent to [EMAIL PROTECTED]:
 
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Helvetica
 The attachment is the original mail
 **
 **
 *
 I just can't seem to find any information on this on the 
 internet. Helvetica is a font. That's all I've got so for. 
 Could this be a Security breach? Is someone using my exchange 
 server? Has anyone received any messages like this before? 
 Please help. Any input is welcome!
 
 Thanks everyone!
 rama
 
 
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED

RE: Exchange Security Breach????

2002-09-20 Thread Steve Hanna 


Slow down.,.. don't get all worried about it. 

Read the implications of the klez family of viruses. explain it to your
boss.
your new slow down...

--steve
 




 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 19, 2002 11:23 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 
 What do you mean don't worry about? By the way we have NetShield and
 GroupShield both running on our exchange server and we do 
 block most of the
 extensions (.exe,.vbs, etc.) from coming in. 
 
 Rama Arumugam
 Network Administrator
 Wire DynamiX.com
 (253) 395-4527
 
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 8:20 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 It's Klez.  Don't worry about it.
 
  -Original Message-
  From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
  Posted At: Thursday, September 19, 2002 09:28 AM
  Posted To: MSExchange Mailing List
  Conversation: Exchange Security Breach
  Subject: Exchange Security Breach
  
  
  Hello everyone,
  One of my users (unfortunately it's my Supervisor) got an 
  alert from Group Shield saying that his attachment (.exe) was 
  blocked.  But he swears that he didn't send out any emails.  
  Couldn't argue with that. Not only that, we were unable to 
  find anything on his Sent Items folder either. Here is what 
  he received on his inbox from Postmaster 
   
  -Original Message-
  From: postmaster [mailto:[EMAIL PROTECTED]]
  mailto:[mailto:[EMAIL PROTECTED]] 
  Sent: Friday, September 13, 2002 2:55 PM
  To: [EMAIL PROTECTED]
  Subject: Undeliverable mail--Helvetica
  The following mail can't be sent to [EMAIL PROTECTED]:
  
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Helvetica
  The attachment is the original mail
  **
  **
  *
  I just can't seem to find any information on this on the 
  internet. Helvetica is a font. That's all I've got so for. 
  Could this be a Security breach? Is someone using my exchange 
  server? Has anyone received any messages like this before? 
  Please help. Any input is welcome! 
  
  Thanks everyone!
  rama
  
  
  
  _
  List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
  Archives:   http://www.swynk.com/sitesearch/search.asp
  To unsubscribe: mailto:[EMAIL PROTECTED]
  Exchange List admin:[EMAIL PROTECTED]
  
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Gagrani, Kishore 

Simple : some one else over the internet sent out an e-mail using his e-mail address . 
The bounced mail came to him.  Its also possible if some one is relaying through your 
server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Rama Arumugam 

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Gagrani, Kishore 

Open telnet session to your exchange server and test it using mail to / mail from 
command. Lot of help on it also available on Microsoft KB , search for open relay.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:10 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Gagrani, Kishore 


You may also use third party open relay testers over internet. There are many , just 
search for open relay in your google or yahoo .
-Original Message-
From: Gagrani, Kishore 
Sent: Thursday, September 19, 2002 11:15 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Open telnet session to your exchange server and test it using mail to / mail from 
command. Lot of help on it also available on Microsoft KB , search for open relay.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:10 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Rama Arumugam 

What do you mean by someone else's machine or someone used my boss's email
address?  Do you mean some one on the internet has an email address (as an
alias may be??)that matches my boss's email address? Thanks!

Rama Arumugam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Could also be klez virus (or variant) on someone else's machine as well
which used your boss' email address

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 11:15 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach


Open telnet session to your exchange server and test it using mail to / mail
from command. Lot of help on it also available on Microsoft KB , search for
open relay.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:10 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Tom Meunier 

It's Klez.  Don't worry about it.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
 Posted At: Thursday, September 19, 2002 09:28 AM
 Posted To: MSExchange Mailing List
 Conversation: Exchange Security Breach
 Subject: Exchange Security Breach
 
 
 Hello everyone,
 One of my users (unfortunately it's my Supervisor) got an 
 alert from Group Shield saying that his attachment (.exe) was 
 blocked.  But he swears that he didn't send out any emails.  
 Couldn't argue with that. Not only that, we were unable to 
 find anything on his Sent Items folder either. Here is what 
 he received on his inbox from Postmaster 
  
 -Original Message-
 From: postmaster [mailto:[EMAIL PROTECTED]]
 mailto:[mailto:[EMAIL PROTECTED]] 
 Sent: Friday, September 13, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Undeliverable mail--Helvetica
 The following mail can't be sent to [EMAIL PROTECTED]:
 
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Helvetica
 The attachment is the original mail
 **
 **
 *
 I just can't seem to find any information on this on the 
 internet. Helvetica is a font. That's all I've got so for. 
 Could this be a Security breach? Is someone using my exchange 
 server? Has anyone received any messages like this before? 
 Please help. Any input is welcome! 
 
 Thanks everyone!
 rama
 
 
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Rama Arumugam 

What do you mean don't worry about? By the way we have NetShield and
GroupShield both running on our exchange server and we do block most of the
extensions (.exe,.vbs, etc.) from coming in. 

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 19, 2002 8:20 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

It's Klez.  Don't worry about it.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
 Posted At: Thursday, September 19, 2002 09:28 AM
 Posted To: MSExchange Mailing List
 Conversation: Exchange Security Breach
 Subject: Exchange Security Breach
 
 
 Hello everyone,
 One of my users (unfortunately it's my Supervisor) got an 
 alert from Group Shield saying that his attachment (.exe) was 
 blocked.  But he swears that he didn't send out any emails.  
 Couldn't argue with that. Not only that, we were unable to 
 find anything on his Sent Items folder either. Here is what 
 he received on his inbox from Postmaster 
  
 -Original Message-
 From: postmaster [mailto:[EMAIL PROTECTED]]
 mailto:[mailto:[EMAIL PROTECTED]] 
 Sent: Friday, September 13, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Undeliverable mail--Helvetica
 The following mail can't be sent to [EMAIL PROTECTED]:
 
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Helvetica
 The attachment is the original mail
 **
 **
 *
 I just can't seem to find any information on this on the 
 internet. Helvetica is a font. That's all I've got so for. 
 Could this be a Security breach? Is someone using my exchange 
 server? Has anyone received any messages like this before? 
 Please help. Any input is welcome! 
 
 Thanks everyone!
 rama
 
 
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange Security Breach????

2002-09-19 Thread Gagrani, Kishore 

No, I don't mean that. What I meant was its quite possible some one deliberately used 
your boss's e-mail address. SPAMERS do such a thing all the time.


-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:19 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

What do you mean by someone else's machine or someone used my boss's email
address?  Do you mean some one on the internet has an email address (as an
alias may be??)that matches my boss's email address? Thanks!

Rama Arumugam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Could also be klez virus (or variant) on someone else's machine as well
which used your boss' email address

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:15 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach


Open telnet session to your exchange server and test it using mail to / mail
from command. Lot of help on it also available on Microsoft KB , search for
open relay.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 11:10 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

How do I find out if some one is in fact relaying through our server?
Thanks!

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Gagrani, Kishore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:11 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

Simple : some one else over the internet sent out an e-mail using his e-mail
address . The bounced mail came to him.  Its also possible if some one is
relaying through your server.

-Original Message-
From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 10:28 AM
To: Exchange Discussions
Subject: Exchange Security Breach

Hello everyone,
One of my users (unfortunately it's my Supervisor) got an alert from Group
Shield saying that his attachment (.exe) was blocked.  But he swears that he
didn't send out any emails.  Couldn't argue with that. Not only that, we
were unable to find anything on his Sent Items folder either. Here is what
he received on his inbox from Postmaster

-Original Message-
From: postmaster [mailto:[EMAIL PROTECTED]]
mailto:[mailto:[EMAIL PROTECTED]]
Sent: Friday, September 13, 2002 2:55 PM
To: [EMAIL PROTECTED]
Subject: Undeliverable mail--Helvetica
The following mail can't be sent to [EMAIL PROTECTED]:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Helvetica
The attachment is the original mail

*
I just can't seem to find any information on this on the internet.
Helvetica is a font. That's all I've got so for. Could this be a Security
breach? Is someone using my exchange server? Has anyone received any
messages like this before? Please help. Any input is welcome!

Thanks everyone!
rama



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin

RE: Exchange Security Breach????

2002-09-19 Thread Robert Moir 

You could start by reading a description of what klez actually does, paying special 
attention to the bit about forging emails from totally innocent people who have 
nothing to do with the virus infection.

-Original Message- 
From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
Sent: Thu 19/09/2002 16:22 
To: Exchange Discussions 
Cc: 
Subject: RE: Exchange Security Breach



What do you mean don't worry about? By the way we have NetShield and
GroupShield both running on our exchange server and we do block most of the
extensions (.exe,.vbs, etc.) from coming in.

Rama Arumugam
Network Administrator
Wire DynamiX.com
(253) 395-4527

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 8:20 AM
To: Exchange Discussions
Subject: RE: Exchange Security Breach

It's Klez.  Don't worry about it.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
 Posted At: Thursday, September 19, 2002 09:28 AM
 Posted To: MSExchange Mailing List
 Conversation: Exchange Security Breach
 Subject: Exchange Security Breach


 Hello everyone,
 One of my users (unfortunately it's my Supervisor) got an
 alert from Group Shield saying that his attachment (.exe) was
 blocked.  But he swears that he didn't send out any emails. 
 Couldn't argue with that. Not only that, we were unable to
 find anything on his Sent Items folder either. Here is what
 he received on his inbox from Postmaster
 
 -Original Message-
 From: postmaster [mailto:[EMAIL PROTECTED]]
 mailto:[mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 13, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Undeliverable mail--Helvetica
 The following mail can't be sent to [EMAIL PROTECTED]:

 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Helvetica
 The attachment is the original mail
 **
 **
 *
 I just can't seem to find any information on this on the
 internet. Helvetica is a font. That's all I've got so for.
 Could this be a Security breach? Is someone using my exchange
 server? Has anyone received any messages like this before?
 Please help. Any input is welcome!

 Thanks everyone!
 rama



 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]


â²Úh²Ø§€P†Ûiÿü0Â̝Ç(›úÞ²‹«qïÞÅÈ_j¨m˜
܆+Þ²m§ÿðÃ0Êy¢oìŠ×¬yªÜ‡ûj·!jÊS¢éì¹»®Þ™¨¥¶‰^j÷žÅÈZž¥²Ì2žG(˜L\…©àx¸¬µ§fŠyb²Öš)ìÃ)är‰

RE: Exchange Security Breach????

2002-09-19 Thread Tom Meunier 

I mean, ignore it.  That's how Klez works.  So someone your boss knows
has Klez.  So what?  Someone my boss knows has rotten kids, but I don't
tell my boss she should take her kids to a child psychologist because of
it.

 -Original Message-
 From: Rama Arumugam [mailto:[EMAIL PROTECTED]] 
 Posted At: Thursday, September 19, 2002 10:23 AM
 Posted To: MSExchange Mailing List
 Conversation: Exchange Security Breach
 Subject: RE: Exchange Security Breach
 
 
 What do you mean don't worry about? By the way we have 
 NetShield and GroupShield both running on our exchange server 
 and we do block most of the extensions (.exe,.vbs, etc.) from 
 coming in. 
 
 Rama Arumugam
 Network Administrator
 Wire DynamiX.com
 (253) 395-4527
 
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, September 19, 2002 8:20 AM
 To: Exchange Discussions
 Subject: RE: Exchange Security Breach
 
 It's Klez.  Don't worry about it.
 
  -Original Message-
  From: Rama Arumugam [mailto:[EMAIL PROTECTED]]
  Posted At: Thursday, September 19, 2002 09:28 AM
  Posted To: MSExchange Mailing List
  Conversation: Exchange Security Breach
  Subject: Exchange Security Breach
  
  
  Hello everyone,
  One of my users (unfortunately it's my Supervisor) got an
  alert from Group Shield saying that his attachment (.exe) was 
  blocked.  But he swears that he didn't send out any emails.  
  Couldn't argue with that. Not only that, we were unable to 
  find anything on his Sent Items folder either. Here is what 
  he received on his inbox from Postmaster 
   
  -Original Message-
  From: postmaster [mailto:[EMAIL PROTECTED]]
  mailto:[mailto:[EMAIL PROTECTED]] 
  Sent: Friday, September 13, 2002 2:55 PM
  To: [EMAIL PROTECTED]
  Subject: Undeliverable mail--Helvetica
  The following mail can't be sent to [EMAIL PROTECTED]:
  
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Helvetica
  The attachment is the original mail
  **
  **
  *
  I just can't seem to find any information on this on the
  internet. Helvetica is a font. That's all I've got so for. 
  Could this be a Security breach? Is someone using my exchange 
  server? Has anyone received any messages like this before? 
  Please help. Any input is welcome! 
  
  Thanks everyone!
  rama
  
  
  
  _
  List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
  Archives:   http://www.swynk.com/sitesearch/search.asp
  To unsubscribe: mailto:[EMAIL PROTECTED]
  Exchange List admin:[EMAIL PROTECTED]
  
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Archives:   http://www.swynk.com/sitesearch/search.asp
 To unsubscribe: mailto:[EMAIL PROTECTED]
 Exchange List admin:[EMAIL PROTECTED]
 

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]