  1. #1

    Need Help: Virus spreading via mail server

    I have a virus e-mail spreading around inside a server and I was wondering if this is a new issue. I am seeking technical assistance from those who have experienced this before.

    It keeps sending in using support@mydomainname.com, service@mydomainname.com, mail@mydomainname.com

    *mydomainname.com is just an example of my actual domain name hosted in the server.

    From: service@mydomainname.com
    To: popaddress@mydomainname.com
    Subject: Warning Message: Your services near to be closed.

    Dear Mydomainname Member,

    We have temporarily suspended your email account popaddress@mydomainname.com.

    This might be due to either of the following reasons:

    1. A recent change in your personal information (i.e. change of address).
    2. Submiting invalid information during the initial sign up process.
    3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
    See the details to reactivate your Hive account.

    Sincerely,The Mydomainname Support Team

    +++ Attachment: No Virus (Clean)
    +++ Mydomainname Antivirus - www.mydomainname.com

    From: support@mydomainname.com
    To: popaddress@mydomainname.com
    Subject: Your new account password is approved

    Dear user popaddress,

    You have successfully updated the password of your Mydomainname account.

    If you did not authorize this change or if you need assistance with your account, please contact Hive customer service at: support@mydomainname.com

    Thank you for using Mydomainname!
    The Mydomainname Support Team

    +++ Attachment: No Virus (Clean)
    +++ Mydomainname Antivirus - www.mydomainname.com

    My AVG antivirus has scanned and reported as follows.

    Viruses found in the attached files.
    The file email-password.zip: Virus identified I-Worm/Mytob.HM. The attachment was moved to the virus vault.

    Checked by AVG Anti-Virus.
    Version: 7.0.323 / Virus Database: 267.8.11/45 - Release Date: 7/9/2005



    Where & how do I get started to remove this issue from my server? I have sent a ticket to The Orbit (where my server is with ThePlanet) and they aren't aware of it at all..

    Anything I must know or websites I can read, please post up a reference. Thanks!

  2. #2
    Join Date
    Feb 2002
    Location
    Vestal, NY
    Posts
    1,381
    Your server is not infected with a virus. However, other PCs that ARE infected with the virus are sending it to common addresses @yourdomain and your users' domains. You can set up a server-side filter with anti-virus mail software such as ClamAV. This worm has been spreading very quickly around the net lately. It should die down like any other as it starts to get removed from infected PCs.
    H4Y Technologies LLC .. Since 2001!!
    "Smarter, Cheaper, Faster" - SMB, Reseller, VPS, Dedicated, Colo hosting done right.

    ZERO PACKETLOSS, ZERO DOWNTIME Dedicated and Colo - USA: IA, CA, NC, OR, NV
    **http://h4y.us** **http://iwfhosting.net**
    Voice: (866)435-5642. *** askus at host4yourself d0t com

  3. #3
    I can tell you it's strange, but it knows my e-mail address added inside cPanel, which I don't give out. This problem is also affecting my clients hosted on the server.

    Anyhow, I am now on a new rig and I don't believe my new PC is infected with this virus.

    Just hours ago I saw a few exim processes when viewing the top processes. Server load was high and I received another 3 similar emails.

    If this is spreading from my PC, I am using AVG Free and I have scanned my whole PC system on this new rig -- no virus found. What's your suggestion?

  4. #4
    Join Date
    Jan 2005
    Location
    Baghdad, Iraq
    Posts
    172
    Well ... I have exactly the same problem, I updated the ClamAV & made a manual scan for 3 sites & ClamAV found the Virus.
    Is there a command to scan the mail for the whole server's emails?
    The Dream is the blueprint of success, the hope is the budget and hard working is the achievement

  5. #5
    Join Date
    Nov 2005
    Location
    Maidstone, Kent
    Posts
    94
    My advice would be (if you have access to do so) to add SPF records to your DNS (if you don't have access, then ask your provider if they will).

    It's a TXT record in the DNS entry and should (probably) be: "v=spf1 a mx ptr -all" (without the quotes)

    This basically says to your email server... your domain will only send emails from specific server IPs. The IPs it will allow are any that are referenced in your DNS as A or MX records (this will be your www.yourdomain.com server and your mail server).

    That will stop you (and anyone else) from receiving emails from your domain that you didn't send!

    Hope that helps
    TME Solutions - eCommerce Web Designers - Visit our Web Design Portfolio
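
How a receiving mail server would evaluate the record suggested in the post above, as an added example that is not part of the original thread. It implements only the `a`, `mx`, `ptr` and `all` mechanisms; the DNS data and IP addresses are constructed, and the inputs are the connecting IP and the envelope sender's domain.

```python
# Added example: minimal SPF evaluation (a, mx, ptr, all only).
# All DNS data below is constructed; IPs are from documentation ranges.
A = {
    "mydomainname.com": ["192.0.2.10"],
    "www.mydomainname.com": ["192.0.2.10"],
    "mail.mydomainname.com": ["192.0.2.25"],
    "backup.mydomainname.com": ["192.0.2.40"],
}
MX = {"mydomainname.com": ["mail.mydomainname.com"]}
PTR = {
    "192.0.2.40": ["backup.mydomainname.com"],
    "203.0.113.77": ["dsl-77.isp.example"],  # hypothetical infected home PC
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def matches(mech, ip, domain):
    """Return True/False for a supported mechanism, None if unsupported."""
    if mech == "all":
        return True
    if mech == "a":
        return ip in A.get(domain, [])
    if mech == "mx":
        return any(ip in A.get(host, []) for host in MX.get(domain, []))
    if mech == "ptr":
        # Reverse name must sit under the domain AND resolve back to the IP.
        return any(
            (name == domain or name.endswith("." + domain)) and ip in A.get(name, [])
            for name in PTR.get(ip, [])
        )
    return None


def check_spf(record, ip, domain):
    """Evaluate terms left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        hit = matches(term.lstrip("+-~?").lower(), ip, domain)
        if hit is None:
            return "permerror"
        if hit:
            return RESULT[qualifier]
    return "neutral"


RECORD = "v=spf1 a mx ptr -all"  # the record proposed in the thread
```

A `fail` result only keeps the message out if the receiving server actually performs SPF checks and rejects on failure.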
