Hi,

We had an incident yesterday evening and I'm trying to track down the root cause.

Spam started flowing through our mail servers using the credentials of a user, Alice. Each message came from a different IP address, spread over the globe. Each message is quite clearly spam, trying to get you to visit a URL. The From header of the spam message is using Alice's email address. The messages I've checked are in the form of "Lindsey Lohan free from prison".

There are no invalid password attempts for Alice, so I assume one of their computers was compromised by a virus and their credentials and outgoing mail server name stolen. Then a botnet is using the credentials to use our mail server as a relay.

Sophos is running on Alice's laptop, and there are no signs of a virus. But of course the credentials could have been stolen from somewhere else.

Is anyone familiar with this virus? The URLs I've looked at so far are timing out, so I can't check the virus that way.

Thank you.

--
Steven Kurylo

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
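The pattern Steven describes (one account authenticating successfully from many unrelated addresses in a short span, with no failed logins) is easy to spot in submission logs. The following detection script is an added example, not part of the original post; it assumes a constructed Postfix-style SASL log line format and sample data embedded inline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, Postfix-style SASL auth lines):
# "<ISO timestamp> postfix/smtpd: client=host[IP], sasl_method=LOGIN, sasl_username=user"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+: client=\S+\[(?P<ip>[\d.]+)\], sasl_method=\S+, sasl_username=(?P<user>\S+)$"
)

# Constructed sample log: "bob" submits from one office address, while "alice"
# authenticates from several unrelated addresses within a few minutes.
SAMPLE_LOG = """\
2010-03-08T19:01:02 postfix/smtpd: client=office[192.0.2.10], sasl_method=LOGIN, sasl_username=bob
2010-03-08T19:02:10 postfix/smtpd: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice
2010-03-08T19:02:45 postfix/smtpd: client=unknown[203.0.113.22], sasl_method=LOGIN, sasl_username=alice
2010-03-08T19:03:05 postfix/smtpd: client=unknown[198.51.100.91], sasl_method=LOGIN, sasl_username=alice
2010-03-08T19:03:30 postfix/smtpd: client=unknown[203.0.113.140], sasl_method=LOGIN, sasl_username=alice
2010-03-08T19:40:00 postfix/smtpd: client=office[192.0.2.10], sasl_method=LOGIN, sasl_username=bob
"""

def parse(log_text):
    """Yield (timestamp, user, ip) for each successful authenticated submission."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def flag_shared_credentials(log_text, window=timedelta(minutes=10), max_ips=3):
    """Return {user: sorted list of IPs} for every user whose successful logins
    came from more than max_ips distinct addresses inside any sliding window.
    Successful logins only: a stolen password produces no failed attempts."""
    events = defaultdict(list)
    for ts, user, ip in parse(log_text):
        events[user].append((ts, ip))
    flagged = {}
    for user, seen in events.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            ips = {ip for ts, ip in seen[i:] if ts - start <= window}
            if len(ips) > max_ips:
                flagged[user] = sorted(ips)
                break
    return flagged

if __name__ == "__main__":
    for user, ips in flag_shared_credentials(SAMPLE_LOG).items():
        print(f"{user}: {len(ips)} distinct client IPs within window -> {ips}")
```

A hit is a cue to disable the account's submission credentials and rotate the password before chasing the malware on the endpoint, since the relay abuse continues as long as the credentials work.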
