[Beds] Mail server spoofing problem
Dusty Pulver
dusty at pulver.co.uk
Thu Oct 19 00:53:34 BST 2006
There are a number of viruses such as MyDoom that target Outlook <spit>
users on Windows machines. These viruses have their own SMTP serrvices,
and send either spam and/or copies of themselves to all addresses in the
Outlook address book and use another entry in the address book as the
from: address. You are obviously in the address book of someone whose
computer is infected by one of these viruses.
I run the email systems of a large international company (using Novell
GroupWise, naturally. Have you seen the Linux Client?) and when MyDoom
first appeared back in April 2000, we were we're rejecting 5,000 emails
of this type every hour. Since then many newer, dirtier viruses of this
class have been released.
The 'bounce' messages from our internet facing mailservers have been
turned off to reduce the messages of this type of message and our users
have been banned from accessing web-based email servers such as HotMail
and all other webmail services to reduce any possibility of infected
messages getting through our firewalls.
Read
http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.mydoom.bi@mm.html
and
http://www.symantec.com/security_response/writeup.jsp?docid=2000-121815-2258-99
for more info on the first of this class of virus.
Regards,
- Dusty Pulver
More information about the Beds
mailing list