virus went thru my address book

cyphrbob

Recently I had a virus mail harassing messages to everyone in my
address book. We have Outlook 2003 on Exchange 2003. Workstation is
Windows XP. We have Windows updating nightly and Trend Micro with
nightly updates. Couldn't find anything with the virus scanner. I
thought Outlook was fixed to prevent scripts using the address book.
Is there some way to prevent outgoing emails without some confirming
action on my part?
 
Check with your Exchange admin to see what security settings have been
changed. Outlook/Exchange are secure by default but a bungling admin can
mess up anything given enough time and curiosity.

Also, how do you know it is "your" address book, and not someone else who
has your email address and is infected? Most (99%) of mails sent as spam
are using a spoofed address.


--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

 
Thanks for the reply. It sent a message to every email address in my
address book. I don't know a lot about Exchange. I'll ask the guy who
set it up to check this out.
 

Make sure Outlook/Office/Windows are fully patched - and you aren't using
something like "expressclickyes" are you? The Outlook security model
shouldn't have let this happen. I also question whether your machine was in
fact responsible for this.
Also ask him whether he installed/configured Exchange-aware antivirus
software on the server....it's a must in my book.
And it's a good idea to set up your firewall/router/proxy server so that
only your mail server can make outbound connections on port 25 -
workstations can usually be left with outbound access to TCP ports 80 and
443 and still work just fine for general surfing purposes.

 
Thanks for the advice. I see by your email address what I could do in
my address book. A little time consuming, just edit the outgoing
address before hitting send. Till I find an answer to how this
occurred I think I will hack the addresses in my contact list so none
will go anywhere without my intervention.
 

Munging all the addresses in one's contacts is not really a viable solution.
Munging your address in a newsgroup post is a good idea if you'd like to
avoid having spam and viruses sent to you (and your address being spoofed
as the sender on virus-laden messages). Don't post valid email addresses in
newsgroups or in your news account settings. Again, if you're using Outlook
2003, I don't see how this could have happened - I suspect it didn't, unless
you're using Expressclickyes or something similar. Your Exchange server
needs good antivirus software to protect all mail, and your workstations can
be blocked from sending mail via port 25 as I suggested.


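The port 25 restriction recommended in this thread, written out as a policy check and run over firewall log lines; this is an added example, not part of any post. The addresses, log format and function names are constructed for illustration, and denying every port other than 25, 80 and 443 is an assumption.

```python
import re
from collections import Counter

# Constructed values for illustration; none of them come from the thread.
MAIL_SERVER = "192.168.1.10"
WORKSTATION_TCP_PORTS = {80, 443}   # ports the thread says workstations can keep
SMTP_PORT = 25

def egress_allowed(src_ip, dst_port):
    """Only the mail server may open outbound TCP/25; any host may use 80/443.
    Every other port is denied (assumption: default-deny egress)."""
    if dst_port == SMTP_PORT:
        return src_ip == MAIL_SERVER
    return dst_port in WORKSTATION_TCP_PORTS

# Hypothetical log format: "<time> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>"
LOG_LINE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)")

def blocked_smtp_sources(log_lines):
    """Count outbound SMTP attempts per internal host that the policy denies."""
    hits = Counter()
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, dpt = m["src"], int(m["dpt"])
        if dpt == SMTP_PORT and not egress_allowed(src, dpt):
            hits[src] += 1
    return hits

# Constructed sample log using documentation-range destination addresses.
SAMPLE_LOG = [
    "15:01:02 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=25",
    "15:01:03 SRC=192.168.1.57 DST=198.51.100.20 PROTO=TCP DPT=25",
    "15:01:03 SRC=192.168.1.57 DST=198.51.100.21 PROTO=TCP DPT=25",
    "15:01:04 SRC=192.168.1.57 DST=203.0.113.80 PROTO=TCP DPT=443",
    "15:01:05 SRC=192.168.1.33 DST=203.0.113.80 PROTO=TCP DPT=80",
    "15:01:06 SRC=192.168.1.57 DST=198.51.100.22 PROTO=TCP DPT=25",
    "garbled line without fields",
]

if __name__ == "__main__":
    for host, count in blocked_smtp_sources(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct SMTP attempts denied, check this workstation")
```

A workstation that appears in this count is trying to deliver mail without going through the mail server, which is the traffic the firewall rule is meant to stop and a reason to examine that machine.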
 
What is expressclickyes? Is that a setting in Outlook? Outlook is our
standard client for mail etc. Right now I wish I knew some way to
disable sending mail without my interaction. We run Trend Micro on the
Exchange server and it is updated daily. One thing we found in the
logs is that a Windows update was pushed to my PC just prior to this
attack. Perhaps it left a vulnerability until being rebooted the next
day. We run a Windows update server that collects all the updates from
Microsoft and pushes them to the workstations after hours. Our network
guy thinks it may have been some kind of trojan that deleted itself
when finished. The outgoing emails were plain text. Also the
NTloader file, part of the boot procedure, was renamed so the PC
wouldn't restart. Once that was fixed, we discovered that the Trend
Micro client was gone too. First time for me. If I can't find a cause I
might just cut the addresses out and paste them in a comment field.
That would at least prevent this from reoccurring.

 
| What is expressclickyes?

It's an application that answers "Yes" for you when Outlook would ordinarily
prompt you to allow an errant application to access your address book. See
http://www.contextmagic.com/express-clickyes/

| Right now I wish I knew some way to
| disable sending mail without my interaction.

Unmodified Outlook does this.

| Our network
| guy thinks it may have been some kind of trojan that deleted itself
| when finished.

That would be unusual, since compromised systems are valuable to SPAMmers,
since they potentially can be used again and again.

| Also the
| NTloader file, part of the boot procedure, was renamed so the PC
| wouldn't restart. Once that was fixed, we discovered that the Trend
| Micro client was gone too.

However, this evidence suggests they may be correct. Were it my PC, I'd
consider wiping the disk and reinstalling everything.
 