
Exchange 2000/Virus ?


Hick22, Dec 9, 2002
One of our users recently received an email directing her to a 'link'. The link showed it as being one of our company links but looking at the source it was obviously going somewhere else.

The sender's email address was 'spoofed' and was showing that it was coming from our Email Admin Account.

The above I've seen happen many times; however, this one had our company's disclaimer included so it basically looked as though it genuinely came from our company.

Obviously we're in the belief that our system is pretty secure, plus the fact we use a third party company to scan all our emails. However, for the disclaimer to be included it would have to have gone via our Internal Email relay server...

Anyone else seen this before ?

Ideas appreciated.
 
Are you running an Exchange antivirus software on your server? If so, try a dat update and see if it tracks it down. I have seen this with Netsky, where it sends out an email from the administrator account so that you think it's an important e-mail and you open it, triggering the virus.
 
Thanks for the reply...

Apart from our 3rd party scanning, we also have Trend (always up to date) running on our Exchange servers.

Nothing picked up on that though!!
 
If you have the message tracking logs enabled on your servers then you should be able to see when/where it came into your network. That would be the first place I would start.
 
Your disclaimer could have been picked up from an infected computer outside of your network (a person's computer whom someone in your company has communicated with). If the recipient's computer was infected, then it could have also picked up an email address from your domain and sent back an infected message containing a redirected link...

akwong
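
An added example, not part of the thread: alongside the message tracking logs, the `Received` headers of the suspect message show whether it ever crossed the internal relay that stamps the disclaimer, or whether the disclaimer text was simply copied into the body elsewhere. The host names, the disclaimer marker and the sample message are constructed, and the check assumes the disclaimer is added only by that relay, as the original poster describes.

```python
import email
import re

INTERNAL_RELAY = "relay.corp.example"        # hypothetical disclaimer-stamping relay
DISCLAIMER = "[company disclaimer text]"     # hypothetical marker for the disclaimer

# Constructed sample: claims to be from the admin account, carries the disclaimer,
# but was handed to the scanning provider by an outside host.
SAMPLE = """\
Received: from mx.scanner.example (mx.scanner.example [192.0.2.10])
\tby exch01.corp.example with SMTP; Mon, 1 Jan 2001 10:02:11 +0000
Received: from dsl-host.isp.example (dsl-host.isp.example [198.51.100.7])
\tby mx.scanner.example with ESMTP; Mon, 1 Jan 2001 10:02:05 +0000
From: Email Admin <admin@corp.example>
To: user@corp.example
Subject: Account notice

Please follow the link. [company disclaimer text]
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def hops(raw):
    """Return (from_host, by_host) pairs, oldest hop first.
    Only hops written by servers you control are trustworthy; anything
    below the first trusted hop can be forged by the sender."""
    msg = email.message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group(1).lower(), m.group(2).lower()))
    return list(reversed(found))   # headers are prepended, so reverse them

def origin(raw):
    """Host that handed the message to the first recorded server."""
    path = hops(raw)
    return path[0][0] if path else None

def passed_through(raw, relay):
    """True if the relay appears as sender or receiver of any hop."""
    return any(relay.lower() in hop for hop in hops(raw))

def disclaimer_copied(raw, relay, marker):
    """Disclaimer present in the body, but the relay that adds it is not in the path."""
    body = email.message_from_string(raw).get_payload()
    return marker in body and not passed_through(raw, relay)

if __name__ == "__main__":
    print("origin:", origin(SAMPLE))
    print("via internal relay:", passed_through(SAMPLE, INTERNAL_RELAY))
    print("disclaimer copied:", disclaimer_copied(SAMPLE, INTERNAL_RELAY, DISCLAIMER))
```
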
 