FBI Director Robert S. Mueller<info@fbi.gov> SPAM attack (Full Version)



berryguru -> FBI Director Robert S. Mueller<info@fbi.gov> SPAM attack (27.Oct.2010 12:12:16 PM)

Our Exchange server is currently sending out spam on behalf of FBI Director Robert S. Mueller, III <info@fbi.gov> and Mrs. Rosalyn Higgins <info@fbi.gov>.  The server currently has 7800 messages in the queue.

The server is not acting as a relay, and we've updated the server with the latest patches.  The queue has been cleared out once manually by booting it into safe mode and clearing the queue.  But first thing the next morning that queue is packed again.  I pulled the logs and found the following:
-The client hostname comes up as 'user'
-The client IP address shows as
-Sender address info@fbi.gov

Another interesting thing I found was I installed an application called 'Exchange User Monitor' which shows me the User name, Packets, Operations, CPU %, Avg. Server Latency, Bytes In, Bytes Out, and Client Versions.  I see one user that is blank but reveals all information from the monitor (i.e. packets, CPU %, etc.).  I found that very odd and wonder if it has anything to do with this hidden 'user' that is spamming.

So my question is: has anybody been hit with this FBI spam issue?  And have any advice on what to do at this point?  The email addresses don't even appear to be valid.  I mean at this point what can one do?  I've already blocked the IP address, but that's merely a band-aid.

