An unknown intruder has been able to spam our network and send users to pornography sites. I don't know how the...
intruder got my company's internal addresses. The e-mail appears to be sent to ourselves as "firstname.lastname@example.org," where "xxx.xxxxx.xxx" is the name of any organization. There is no mailbox in our network called "data." Further, there appears to be nothing outstanding within the headers or components of the messages. We're stumped. Do you have any idea how the intruder is doing this? This sounds like one of the fun Klez-like worms that have been making the rounds of the Web in recent months. Nasty buggers that spoof their "From" headers and proliferate their destinations from the Address Books and even entire hard drives of their unfortunate victims. Some simply deliver a mass-mailer payload, while others exhibit the behaviour you describe of directing users to pornographic websites. The best technical explanations of the inner workings of e-mail viruses ("how the intruder is doing this") can be found at www.sarc.com, or at the vendor site for Symantec, Network Associates, etc.
As is the case with any e-mail-borne virus, your first and best line of defense is a properly-functioning and frequently-updated anti-virus program. Further, if you are maintaining your own e-mail server, ensure that your message transit agents (MTA's) are sufficiently configured to NOT allow spam or mail-relaying. This is a good practice to follow even if you weren't facing this difficulty.
Using MS Exchange as an example, the Exchange Internet Mail Service must be manually configured to "reject any e-mail message that does not have a valid recipient on this server." It's a quick configuration to make, but one that must be manually set nonetheless. If your e-mail is outsourced to an external provider, call them up and bug them to ensure that they are doing likewise.
Dig Deeper on Windows Server and Network Security
Related Q&A from Laura Hunter
Active Directory expert Laura E. Hunter explains to a reader what must be done to change the default display specifiers for new users in Active ...continue reading
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
Active Directory expert Laura E. Hunter tells a reader what to keep in mind when deleting subnets associated with sites being removed in an ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.