General discussion

Locked

Potential New Outlook Virus?

By Bee Jay ·
I've had the strangest thing happen to one of my employees. He sent an email (HTML Format) to an AOL user from Outlook 2000 via our exchange server, when the message arrived, his background stationary BlankBkgrd.gif had been replaced with BlankBkgrd.jpg a pornographic image. I've scanned his machine and my mail server for a virus to no avail. I've searched his machine for any graphics matching this name, this size, gifs and jpgs and can't find anything. It only happens sporadically and has only shown up in emails sent to AOL users so far. Any thoughts on what to do next? I've searched all over the place for any info on any macro virus that could replace the background image in outlook and can't find any reference to this at all? I'mactually wondering if it could have something to do with AOL, since the infected mail all passed through the same AOL relay server rly-xj02.mail.aol.com [172.20.116.39]? I'm totally puzzled at this point, but need to come up with an answer for my CEO as to how this happened and how we can prevent it from happening in future. I have all users sending plain text email in the meanwhile to ensure it won't happen again for the time being. Thanks in advance for your help!

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Potential New Outlook Virus?

by nikki96 In reply to Potential New Outlook Vir ...

Have you checked your Exchange server for any malicious code (not a virus, but just crons or scheduled tasks or even just code by a peeved employee) that intercepts mail and does this?
Someone might just think they are amusing.

The file to look for might also be .png, .jpg.vbs, .gif.vbs, .png.vbs, .bmp or .bmp.vbs.
Don't forget a virus will not be the same size as the image as sent out and possibly not even the same name as the file.
If you really want to do some detective work and see ifyour Exchange server is at fault, install some free mail server software on the client PC and send mail from there w/o passing through Exchange. See if it happens.

I would be leery of it being an issue with either Exchange or the relay server if this user is the only one it has happened to. Has anyone else sent mail to the same addy and not had a problem?

Using PGP or other types of encryption should ensure that the file, from the time it leaves the user's PC to the time it is opened by the recipient, has not been changed. If you do that, at least you'll know if there are any problems, it is definitely from the user's PC (virus/macro).

Collapse -

Potential New Outlook Virus?

by Bee Jay In reply to Potential New Outlook Vir ...

Poster rated this answer

Collapse -

Potential New Outlook Virus?

by shmaltz In reply to Potential New Outlook Vir ...

A simple way to find out if it is AOL or your machine/s that are making this problem. Try sending the same email to a user that is not on AOL (Yahoo, MSN, etc.). If it still comes out that way then it is on your side, if it doesn't then it is AOLs problem and call them up.

Collapse -

Potential New Outlook Virus?

by Bee Jay In reply to Potential New Outlook Vir ...

Poster rated this answer

Collapse -

Potential New Outlook Virus?

by Bee Jay In reply to Potential New Outlook Vir ...

This question was closed by the author

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums