General discussion


100's emails sent out in mins /no virus detected

By rene
I have a workgroup of 10 computers and about 2 months ago I had a very high upload to the net from our server: 115Kb/s. This went on for a whole day until it was stopped by installing a software firewall (Zone Alarm), as it seemed to block the ports that this was uploading through. All was fine until last week, when one of the client computers on the workgroup all of a sudden had a message appear from Zone Alarm saying that more than 100 emails were sent out in under one minute or some short time. (This alert came about from the setting in Zone Alarm that alerts you if more than 5 emails get sent in 2 seconds.) When looking in the Sent folder in Outlook Express, none of these emails appeared. Looks like they were sent from another SMTP engine. The emails that were sent did not come from any address book on the computer as far as I could see. (Our company does not have a local mail server.)
The strange thing about all of this is that we have Norman Antivirus and this is ALWAYS kept up-to-date and running in the background. I even did a hard-disk scan with Norman, running the computer in safe mode. I checked all the processes running through Task Manager against different sites on the internet and all processes seem to be valid ones.
Does anyone know??
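
The Zone Alarm rule described in the post above (more than 5 emails in 2 seconds) can also be applied to a firewall or gateway connection log to find which workstation is sending. This is an added example, not part of the original thread; the log format, the addresses and the function name `find_smtp_bursts` are assumptions, and log lines are assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, one outbound connection per line:
# "timestamp source-ip destination-ip destination-port"
SAMPLE_LOG = """\
2004-03-15T09:00:01.000 192.168.0.11 203.0.113.25 25
2004-03-15T09:00:01.500 192.168.0.14 198.51.100.7 80
2004-03-15T09:03:10.000 192.168.0.14 198.51.100.10 25
2004-03-15T09:03:10.200 192.168.0.14 198.51.100.11 25
2004-03-15T09:03:10.400 192.168.0.14 198.51.100.12 25
2004-03-15T09:03:10.600 192.168.0.14 198.51.100.13 25
2004-03-15T09:03:10.800 192.168.0.14 198.51.100.14 25
2004-03-15T09:03:11.000 192.168.0.14 198.51.100.15 25
2004-03-15T09:03:11.200 192.168.0.14 198.51.100.16 25
2004-03-15T09:05:00.000 192.168.0.11 203.0.113.25 25
"""

def find_smtp_bursts(lines, limit=5, window=2.0, smtp_port=25):
    """Map each source IP to (timestamp of its first alert, number of distinct
    destinations in that window) once it opens more than `limit` SMTP
    connections within `window` seconds."""
    recent = defaultdict(deque)   # source ip -> recent (time, destination) pairs
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[3] != str(smtp_port):
            continue              # skip blank, malformed and non-SMTP lines
        raw_ts, src, dst, _port = fields
        now = datetime.fromisoformat(raw_ts)
        q = recent[src]
        q.append((now, dst))
        # Drop connections that have fallen out of the sliding window.
        while (now - q[0][0]).total_seconds() > window:
            q.popleft()
        if len(q) > limit and src not in alerts:
            alerts[src] = (raw_ts, len({d for _, d in q}))
    return alerts

if __name__ == "__main__":
    for host, (when, dests) in find_smtp_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: burst at {when}, {dests} distinct mail servers")
```

A mail client such as Outlook Express would normally talk to a single configured relay, so a burst spread across many destination servers is consistent with a separate SMTP engine on that workstation.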


by Joseph Moore In reply to 100's emails sent out in ...

>Antivirus and this is ALWAYS kept up-to-date

Ok, I hate to break it to you, but it was probably an e-mail virus (like Bagel, or NetSky) that came in and hit your workstation. And here is why. 2004 has been a very BAD year for e-mail virii. Between Bagel, NetSky, and MyDoom, there has been a new version every 2 days. It's been CRAZY this year! And the antivirus programs just can't keep up!
It used to be that checking for updated antivirus definitions once a day was adequate. Not anymore. A version of Bagel got into my LAN in February. It had come out that night, after my daily Midnight check for updated Symantec definitions. It came in early in the morning as a ZIP file, and a user got it and opened it. This was the first virus outbreak in my LAN in over a year (we had a Klez outbreak when someone brought an unprotected laptop into the office). When Blaster came out, I did not have 1 infection!
But, a version of Bagel came in, and during the max 23 hour vulnerability window that we always knew we were "theoretically" vulnerable to, we were hit for the first time! Now, my company never seems to get any virii sent to us in the early hours of an outbreak. Usually, it is the next day, so I know our antivirus would be updated by the time we see anything. Not this time.
I now run Symantec's LiveUpdate on my NAV server every 30 minutes, every day!

So, my thought is that between the virus being released and your user workstation getting the update for that virus strain type, the machine was infected. Then the virus software updated itself, and killed the virus process on the next day. That was probably what happened.
I would check all the antivirus logs, see if you see something in Quarantine or being deleted.
There is just a vulnerability window with antivirus software, and I think you were hit during yours.
Not any fun, is it???


by pierrejamme In reply to 100's emails sent out in ...

Ditto to Joseph. In addition, did you beat the person who opened the zip file? Educate, educate, educate and then beat: that should be our motto.

We run McAfee Small Business Active Defense, Sophos and FProt as well as blocking zip, exe, bat etc.

I believe there is a virus now that activates when you read the email (possibly a Bagel variety; I think Bagel is up to "u" now). Will there ever be an end to this?


by fred07 In reply to 100's emails sent out in ...


To add to Joseph

I utilize the always-update auto feature in Norton and have been updated twice that I saw in one day by Norton.

