W32.Beagle.K@mm

Status
Not open for further replies.

mmaleh

IS-IT--Management
Jun 18, 2003
67
US
hello all,
So one of my users received an email from a non-existent email address in my own domain that said:
Dear user of "mydomain.com" mailing system,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

Advanced details can be found in attached file.

The Management,
The mydomain.com team
---------------------------------
the email was from staff@mydomain.com
This email also had an attached txt file that said:
Norton AntiVirus removed the attachment: MoreInfo.pif.
The W32.Beagle.K@mm threat was detected in the attachment.
I ran ldifde to confirm that this email is not on my server.
I also ran a virus scan on my exchange server (exchange 2000 on win 2000) and it came up clean.
Questions:
1-would/could people outside domain get this email? (could look real bad to clients)
2-what should my next steps be? other than making sure all end users have up to date virus definitions.
thanks!
-marc

 
1. As far as I know, nothing.
2. Are you sure that it really is coming from your domain? Beagle, et al. spoof the from addresses, including the domain. It may not be coming from your machine but from a customer that has your domain in their email address list.

James P. Cottingham

There's no place like 127.0.0.1.
 
True Dat-

We get spoofed emails with virus payloads all of the time coming from god knows where. The important thing is that they are originating from "beyond the firewall" and not from within. Once you establish that, keep your definitions up and forget about it.



SELECT user
FROM users
WHERE common_sense IS EQUAL TO NULL;

-Shrubble
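
An added example, not part of the thread and not any poster's code: one way to check what the replies above describe, namely that a message with your own domain in From actually entered from outside. It walks the Received headers of a constructed sample; `OWN_DOMAIN`, the internal address ranges, the verdict names and the sample headers are all assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumed values, not from the thread: internal ranges and the sample message.
OWN_DOMAIN = "mydomain.com"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed message; Received headers are prepended, so the newest hop is first.
SAMPLE = """\
Received: from mail.mydomain.com (10.0.0.5) by exch.mydomain.com (10.0.0.10);
 Mon, 1 Jan 2001 10:00:02 -0500
Received: from unknown-host.example (203.0.113.77) by mail.mydomain.com (10.0.0.5);
 Mon, 1 Jan 2001 10:00:01 -0500
From: staff@mydomain.com
To: user@mydomain.com
Subject: constructed sample

body
"""

def sender_ips(msg):
    """IP of the sending host for each Received hop, newest hop first."""
    ips = []
    for value in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = IPV4.search(from_part)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group()))
            except ValueError:
                pass  # digits that are not a valid address
    return ips

def classify(raw):
    """Return (verdict, IP of the first sender outside INTERNAL_NETS or None)."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Headers older than the first external hop came from outside and are untrusted.
    outside = next((ip for ip in sender_ips(msg)
                    if not any(ip in net for net in INTERNAL_NETS)), None)
    if outside is None:
        return "internal-origin", None
    verdict = "own-domain-from-outside" if domain == OWN_DOMAIN else "external"
    return verdict, str(outside)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Received header layouts differ between mail servers, so the from-clause parsing here fits only the constructed format shown.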
 