Caspian
Dear Community,
Firstly, let me explain that my background is in solution
development so I do not have much of a real understanding in security
issues. I have been asked by one of my clients to investigate why he
seems to be getting hundreds of bounce-back emails in his email inbox
every morning. The email headers indicate that the original message was
posted from his pop3 btconnect email account that he has with his ISP
[btconnect]. He accesses his email via Outlook Express which pulls the
emails via his email account details. I can access this pop3 through
the ISP browser interface, but the account appears empty, and I assume
this is because the emails are removed once they are transferred to
the local PC via Outlook Express.
I started by installing and updating McAfee security centre which I
then used to scan the client's PC for offending viruses, but the
client's PC was clean. I then ensured that the PC was up-to-date with
Microsoft Updates and security patches. I then entertained the idea
that the pop3 account may have been hijacked and changed the account
password for his pop3 account and replicated the new password in his
Outlook to ensure his email continues to be downloaded.
I then took a closer look at the header information for the bounced
email accounts which indicated that the original email accounts were
being transmitted at around 1am in the morning; however the client
turns his machine off religiously at closing of play every day. So if
the PC is switched off, how is it possible that his account sends spam?
I'm now entertaining the idea that the btconnect servers may be
affected by a Trojan email virus of some form or another. I've simply
run out of ideas. I've phoned btconnect and they deny any possibility
that a virus may exist on their servers.
So how is it possible that my client's email account is being used to
transmit spam when his machine is off?
Any help gratefully received!
Regards,
Tim