x404.co.uk
http://x404.co.uk/forum/

Not sure where this belongs
http://x404.co.uk/forum/viewtopic.php?f=4&t=23921		 Page 1 of 1
Author:  AlunD [ Sat Jun 20, 2015 7:31 am ]
Post subject:  Not sure where this belongs
A mate of mine who runs a small tourist attraction has got a problem.

Now I'm running blind on this as I don't know what kit he has but I'd guess windows based PC's and server. Its several hundred miles away so I cant readily check.

Their emial system sent out an email with an infected attachment to everybody n their email list. Yes sadly not an uncommon event.

To quote him
Quote:
With regard to this ‘new form’ spam mail – we have had a call back from a local business saying that they had their bank account hacked by someone in Austria following receipt of this spam email from us.

We have now cleared (we think) the messages from our servers and base computer – is there anything else we should be doing?


Any input would be appreciated.
Author:  jonbwfc [ Sat Jun 20, 2015 10:28 am ]
Post subject:  Re: Not sure where this belongs
Hard to say without seeing it, but the first one is 'get some inline virus scanning on their email server', which they appear not to have. And the obvious 'don't open attachments unless you expected to receive them'.

The macro-in-an-office doc malware IS a bitch to spot mind because it's actually quite hard to tell a malicious macro from a benign one. At our place we've been down to looking at them in hex editors to try to spot patterns.
Author:  AlunD [ Sat Jun 20, 2015 12:57 pm ]
Post subject:  Re: Not sure where this belongs
any particular products you can recommend?
Author:  jonbwfc [ Sat Jun 20, 2015 5:26 pm ]
Post subject:  Re: Not sure where this belongs
It's rather hard to say without a lot more detail. There's basically two ways to do it - put a virus scanner on the email system itself or put a cloud based service in front of it - basically route all the email to it first then it passes the safe stuff on.

Without knowing who provides their email service and how its set up, recommending something would be throwing a dart while blindfolded...
Author:  AlunD [ Sun Jun 21, 2015 10:06 am ]
Post subject:  Re: Not sure where this belongs
Cheers and I know the feeling.
Author:  saspro [ Mon Jun 22, 2015 11:31 am ]
Post subject:  Re: Not sure where this belongs
Malwarebyte scan the whole network.
Lock SMTP sending on the firewall to only come from the mail server.
Scan all emails in & out for infections.
Make sure SPF records are in place.
Author:  AlunD [ Mon Jun 22, 2015 12:36 pm ]
Post subject:  Re: Not sure where this belongs
cheers
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/