Exchange/IIS Vulnerability?

[rjfranz]

This weekend all of my Exchange users received an e-mail with a random subject line with no body and from different addresses (supposedly). Some of the users received the strange e-mail message from an internal account, so I thought it might be a worm. All PCs and servers are running Norton and have the latest definition file. The Exchange server is running the Norton gateway for Exchange. Does this sound like an IIS vulnerability I may have missed a patch for? I thought I was up-to-date with my patches, but maybe not.

Thanks,
Rick

 

[isguyatlanta]

I have seen something similar on my ex2k server and thought relay was open and it is not. One of the items I got even had MY tag line on it. Another message came from an account that is dissabled and only for use as a junk mail recepticle when people leave so I don't get their email, but that is still on the 5.5 server. I suspect that someone has found a hack that MS has not told us about yet.

 

[Xybertron]

Track the message... Dan
Microsoft Exchange Support @ Microsoft

 

[SteveTheGeek]

And send yourself a test virus to see if Norton gateway is functioning as you expect it to - sounds like it could be Klez.H with the infected attachment stripped out.
-Steve

 

[tom11011]

Please be on the alert. Read up on the new klez worm. It spoofs the senders address so you will have trouble determining where it really came from. The worm reads email addresses in the address book and uses one of those as a fake sender.

Incidentally, klez may be the fastest spreading worm of all time, and the chances of someone getting it are very strong.

http://vil.nai.com/vil/content/v_99455.htm