Re: has my sendmail been compromised?



don garb wrote:

> Please see attachments - WARNING! I believe the sloppily masqueraded exe
> file to be malware although an online scanner that I submitted it to
> said it was clean. I am on Linux so I am immune to this windows exe but
> I would only open it on a non-essential quarantined machine.

My virus scanner identified it as WORM_MYTOB.IJ right away.

> I host my website with hostingplex and they use sendmail, my account
> name is Eve. Yesterday I noticed the default mailbox had 183 pieces of
> junk and I deleted them all. Only afterwards did I think it was
> suspicious that most of the junk mail was return to sender, stop
> spamming us, undeliverable and out of office auto replies. So that made
> me think my domain was being spoofed to send out spam.

Not unlikely. Your E-mail address does somewhat lend itself to that, doesn't it? :-)

> Then today I received this:
>
> *Dear Adamandevedreamdates Member, *
>
> We have temporarily suspended your email account
> eve@xxxxxxxxxxxxxxxxxxxxxxxxx

Quite a typical introduction for a worm mail trying to lure you into activating
the attachment.

> I have included the original message with the attachment which might
> fool some people into thinking it's a txt file but really it's an exe.
> If the exe doesn't make it to the newsgroup I have posted it at
> h2g.ca/chris. Be very careful downloading and running it.

Who in their right minds would do that? Anyway, no need for that. See above.

> I can ssh into my account to configure things at a low level since my
> host's cpanel and horde web clients are pretty tame.

Nothing you wrote points to a compromise of your server in any way.
Someone sent out a load of spam forging the sender address into yours,
and someone else (probably) who had your address in his address book
got infected with the worm. There is nothing you can do on your server
against either of these incidents, as they all happened far away.

HTH
Tilman

--
Tilman Schmidt t.schmidt@xxxxxxxxxxxxxxxxxx
Phoenix Software GmbH Tel. +49 228 97199 0
Adolf-Hombitzer-Str. 12 Fax +49 228 97199 99
53227 Bonn, Germany http://www.phoenixsoftware.de
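An added check, not part of Tilman's reply or anything else in this thread, for the kind of bounce flood described above: it reads the copy of the original message that a bounce returns and looks at the earliest Received hop. If that hop never passed through your own server, the bounce is backscatter from a forged sender address rather than evidence of a local compromise. Hostnames, addresses and both sample bounces are constructed placeholders; OWN_HOSTS is assumed to name your sendmail host.

```python
import email
from email import policy

# Constructed samples, not real mail; hostnames and addresses are placeholders.
OWN_HOSTS = ("mail.example.org", "203.0.113.5")   # assumption: our own sendmail host

BOUNCE_FORGED = """\
From: MAILER-DAEMON@mail.example.net
To: eve@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This is the mail system at host mail.example.net.
--b1
Content-Type: message/rfc822

Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.net with ESMTP id 123
Received: from dsl-pool-77.example.net (dsl-pool-77.example.net [198.51.100.77])
\tby mail.example.net with SMTP id 456
From: eve@example.org
To: victim@example.net
Subject: cheap meds

buy now
--b1--
"""

# Same bounce shape, but the returned copy was first accepted by our own host.
BOUNCE_LOCAL = BOUNCE_FORGED.replace(
    "by mail.example.net with SMTP id 456", "by mail.example.org with ESMTP id 456")

def classify_bounce(raw, own_hosts=OWN_HOSTS):
    """Return 'backscatter', 'originated-here', or 'no-original'."""
    msg = email.message_from_string(raw, policy=policy.default)
    original = None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)      # the returned original message
            break
    if original is None or not original.get_all("Received"):
        return "no-original"                    # nothing to judge the origin from
    # Each relay prepends its own Received header, so the last one is the first
    # hop: the server that accepted the message from its true source.
    first_hop = " ".join(str(original.get_all("Received")[-1]).split())
    if any(h in first_hop for h in own_hosts):
        return "originated-here"                # worth inspecting the server
    return "backscatter"                        # forged sender, nothing local
```

Run it over every bounce in the mailbox; a flood of "backscatter" results with no "originated-here" matches the situation Tilman describes.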