Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
FBI Director Robert S. Mueller<info@fbi.gov> SPAM attack
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
FBI Director Robert S. Mueller<info@fbi.gov> SPAM... - 27.Oct.2010 12:12:16 PM
|
|
|
berryguru
Posts: 52
Joined: 18.Feb.2010
Status: offline
|
Our Exchange server is currently sending out spam on behalf of FBI Director Robert S. Mueller, III <info@fbi.gov> and Mrs.Rosalyn Higgins <info@fbi.gov>. The server currently has 7800 messages in the queue.
The server is not acting as a relay, and we've updated the server with the latest patches. The queue has been cleared out once manually by booting it into safe mode and clearing he queue. But first thing the next morning that queue is packed again. I pulled the logs and found the following:
-The client hostname comes up as 'user'
-The client IP address shows as 207.210.97.47
-Sender address info@fbi.gov
Another interesting thing I found was I installed an application called 'Exchange User Monitor which shows me the User name, Packets, Operations, CPU %, Avg. Server Latency, Bytes In, Bytes Out, and Client Versions. I see one user that is blank but reveals all information from the montor (ie packets, cpu% ect...). I found that very odd and wonder if it has anything to do with this hidden 'user' that is spamming.
So my question is has anybody been hit with FBI spam issue? And have any advice on what to do at this point? The email addresses don't even appear to be valid. I mean at this point what can one do? I've already blocked the IP address, but that's merely a band-aid.
~berry
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
