what would you check, which is your recommendation?

Question

0.00/5 (No votes)

See more:

This morning at 2:30 I've started receiving spam at an incredible pace: this morning I had already received 1200 spam mails.

I've seen that there are different accounts affected, but mostly there are three of them (company domain) which are suffering from that.

All the computers except mine are off, but mine is locked and outlook is not started.

What do you think? What would you check?

I've left it doing a system check with mse and norton...

Any hint is welcome.

Posted 1-Jun-13 3:41am

Joan M

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

PrissySC · Answer 1 · 2013-06-01T04:19:00

Are the emails "bounced"?

Really, this is not an "infection". Spammers grab random domains at times and start their work. Random user names are attached to the domain and spam is sent. They don't actually need to have access to any server or DNS.

Of course, it is quite a bit more complicated, but if it is "bounced", meaning that you are being used for the send (both from and to), the you can intercept at the domain level/server level (assuming you have an exchange server).

What you should be doing is reacting: delete and intercept the bounces and contact an attorney to track down and pursue legal action if desired. Your nightmare is just beginning. If you have a company site, this site could possibly become blacklisted by the mail servers and everthing will go to "Junk" when you send.

Lastly, if you feel that someone has a compromised address book, then you need to root deep into the actual client station, but this seems unlikely even from your broad description.

First and foremost, I would go straight to the server and start intercepting. Black list at that level so that users remain mostly uneffected.