
Suspicious SPAM email

  • 14-01-2010 11:41am
    #1
    Registered Users, Registered Users 2 Posts: 546 ✭✭✭


    Hi all,

    I recieved a very legit looking email last night to one our users. The user in question sent it onto me straiht away but some other user could have fell or it.

    We dont recieve any SPAM emails so when I get one as suspicious as this, it could become worring.

    What do you think?
    The email came from any address that does not exist, but it was spoofed to look like it came from within our domain.
    It said that the settings of the users account has changed and asked the user to click a link to confirm the setting changes.

    A copy of the email header is below


    Received: from 157.Red-79-149-207.staticIP.rima-tde.net (79.149.207.157) by
    mail.company.ie (192.168.17.3) with Microsoft SMTP Server id 8.1.393.1; Wed,
    13 Jan 2010 16:59:58 +0000
    Received: from 79.149.207.157 by mx2.mailhop.org; Wed, 13 Jan 2010 17:59:26
    +0100
    From: "alerts@company.ie" <alerts@company.ie>
    To: <usercompany.ie>
    Subject: The settings for the usercompany.ie were changed
    Date: Wed, 13 Jan 2010 17:59:26 +0100
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0006_01CA9471.C38614C0"
    X-Mailer: Microsoft Office Outlook, Build 11.0.6353
    Thread-Index: Aca6QER2V87AFDXSWA3GU04R1Y0B8X==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    Message-ID: <000d01ca9471$c38614c0$6400a8c0@gorenuhw40>
    Return-Path: gorenuhw40@smalltalkingpeople.com
    X-MS-Exchange-Organization-PRD: company.ie
    X-MS-Exchange-Organization-SenderIdResult: None
    Received-SPF: None (WFMAINSERVER.company.local: alerts@company.ie does not
    designate permitted sender hosts)
    X-MS-Exchange-Organization-SCL: 4
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8414.660;SV:3.3.8513.912;SID:SenderIDStatus None;OrigIP:79.149.207.157


Comments

  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    It's almost certainly just an autogenerated untargeted mail attempting to get users within companies to install malware, rather than someone specifically concentrating on your company for nefarious purposes.

    If all the users within your company are using Outlook in native mode with your Exchange 2007 SP1 server, or using port 587 rather than port 25 for outgoing SMTP mail, then it might be possible/useful to block mails on the incoming SMTP port 25 connector that claim to be from any of the internal @company.ie domains.
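
The rule suggested in the reply above (mail arriving from outside that claims an internal @company.ie sender), written as a header check and run against the header from the first post. This is an added example, not part of the thread; `INTERNAL_DOMAINS`, `check_spoof` and the helper names are illustrative, and the folded header lines have had their leading whitespace restored so they parse.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

INTERNAL_DOMAINS = {"company.ie"}  # assumption: placeholder domain from the post

# Excerpt of the header posted above; continuation lines re-indented so they parse.
SAMPLE = (
    "Received: from 157.Red-79-149-207.staticIP.rima-tde.net (79.149.207.157) by\n"
    " mail.company.ie (192.168.17.3) with Microsoft SMTP Server id 8.1.393.1; Wed,\n"
    " 13 Jan 2010 16:59:58 +0000\n"
    'From: "alerts@company.ie" <alerts@company.ie>\n'
    "Return-Path: gorenuhw40@smalltalkingpeople.com\n"
    "Received-SPF: None (WFMAINSERVER.company.local: alerts@company.ie does not\n"
    " designate permitted sender hosts)\n\n"
)

def domain_of(value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def connecting_ip(msg):
    """IP our own server recorded in the topmost Received header, or None."""
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.match(r"from \S+ \(\[?([0-9A-Fa-f.:]+)\]?\)", top)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def check_spoof(raw_headers, internal=INTERNAL_DOMAINS):
    """Return reasons a message looks like an external spoof of an internal sender."""
    msg = email.message_from_string(raw_headers)
    from_dom = domain_of(msg["From"])
    ip = connecting_ip(msg)
    # Only mail that claims an internal sender but arrived from a public IP matters here.
    if from_dom not in internal or ip is None or ip.is_private:
        return []
    reasons = [f"From: domain {from_dom} is internal but client {ip} is external"]
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom} differs from From: domain")
    spf = (msg["Received-SPF"] or "").split(None, 1)
    if not spf or spf[0].lower() != "pass":
        reasons.append("Received-SPF is not 'pass' for the claimed sender")
    return reasons

if __name__ == "__main__":
    for reason in check_spoof(SAMPLE):
        print(reason)
```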

