1 Reply Latest reply on Jun 30, 2011 5:03 PM by jhall1

    Increase your mailbox size - email threat


      My org has been hit with an email - subject "Increase your mailbox size"  there is a link in the message.  When initiated, I assume from clicking the link, the result is thousands of emails going out to recpients.  This doesn't appear to grab the address book, most recipients are @yahoo.com.


      Anyone seen this?


      First user found with, computer was wiped  out, mailbox was cleaned, but it appears to be back for same user.

        • 1. Re: Increase your mailbox size - email threat

          Oh Yes. The sending addresses are usually randomly generated and the emails are pretty simple:


          Example you might see:

          “Your mailbox has exceeded the storage limit which is 10GB as set by your administrator, you are currently running on 10.9GB,To re-validate your mailbox Click here:  or copy this(http://bit.ly/98klp ) and paste it into your browser to increase your mailbox size or you loose your account within 24 hours.”


          Are you running McAfee GroupShield in your environment? These detections should be pretty easily caught on the server side.

          If not, the on-delivery email scanner in VirusScan would catch any malicious attachments.  You can also enable some of the Access Protection rules in Virusscan like to block  malicious code from running  in the browser’s temp directory.


          Hope that helps!