On Wed, Aug 31, 2005 at 12:40:18PM -0400, kdonathan@charter.net wrote:
> Over the summer, I recently began getting "fake" email messages
> from mail@gwhs...., admin@gwhs.....,
> security@gwhs....,register@gwhs...., etc. etc. etc. The subject
> line is always something like "YOUR ACCOUNT IS SUSPENDED....",
> "You have successfully updated your password....", etc. Each of
> these contain an attachment, so I know that a virus is trying to
> get into our server. I need some suggestions on what to do to
> make this stop.
A virus isn't necessarily 'trying to get into your server'. If you
look at the headers of those emails, it's quite likely that they
originate somewhere else. If they come from someone else's server
but purport to be from your own, it's likely that you are the victim
of a 'spear phishing' attack.
As far as stopping those mails, treat them like any other spam. If
they have viral payloads, you should be using virus detection
somewhere in the chain (preferably near the mail server) to weed
them out anyway.
--
o--------------------------{ Will Maier }--------------------------o
| jabber:..wcmaier@jabber.ccc.de | email:..........wcmaier@ml1.net |
| \.........wcmaier@cae.wisc.edu | \..........wcmaier@cae.wisc.edu |
*------------------[ BSD Unix: Live Free or Die ]------------------*