Endpoint Protection

  • 1.  Malware that created Outlook Inbox Rules

    Posted Jun 03, 2010 11:05 AM

    I have a customer who has recently been hit by some malware that I have not seen before. This malware creates inbox rules in Outlook that send tons of email messages to external recipients. One of those recipients is dr.saintalbert11@yahoo.de

    The malware is especially troublesome because it creates server-based inbox rules that fire off even when the user is not running Outlook.
    The user can remove the inbox rules by pulling down on Tools and selecting "Rules and Alerts", but in many cases the rules reappear. In some cases, our only solution was to completely remove the user's machine, account, and mailbox, and recreate from scratch.

    Scans using multiple anti-virus and spyware tools have not detected anything. Additionally, searches on the internet have not uncovered anything.
    Anyone seen this or have any suggestions?
     


  • 2.  RE: Malware that created Outlook Inbox Rules

    Posted Jun 03, 2010 11:10 AM
    What AV product are you running?

    Make sure your OS is up to date and patched, then with the latest rapid release definitions installed, try running a full scan in safe-mode. If that fails to do the trick, try running the Norton Power Eraser. 

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default



    If you have become the victim of crimeware that regular virus scans can't detect, use the Norton Power Eraser to target and eliminate them.

    Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.


    Please keep us posted on your progress.

    Good luck,
    Thomas


  • 3.  RE: Malware that created Outlook Inbox Rules

    Posted Jun 03, 2010 11:48 AM
    It looks like a spam bot has infected your machine. Usually they are rootkits. Try scanning with rapid release defs or Power Eraser as suggested by Thomas, or try running Sysinternals RootkitRevealer to check if it's actually a rootkit.

    It would be good if you can call Symantec so that they can analyze the loadpoint logs on your machine and suggest the necessary file submissions to be made.


  • 4.  RE: Malware that created Outlook Inbox Rules

    Posted Jun 03, 2010 12:45 PM
    I would recommend a double-check on the Exchange server itself to make sure it is not compromised as well. You may be dealing with a targeted attack.
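
Added example (not written by any poster in this thread or by Symantec): because the rules described in the first post live on the server and send mail to external recipients, one server-side check is to export every mailbox's inbox rules and flag forward or redirect actions whose targets fall outside the organisation's own domains. The CSV layout, the `corp.example` domain and the sample rows are assumptions constructed for illustration; the column names follow the `Get-InboxRule` properties `ForwardTo`, `ForwardAsAttachmentTo` and `RedirectTo`.

```python
import csv
import io
import re

# Assumption: the organisation's own mail domains (placeholder value).
INTERNAL_DOMAINS = {"corp.example"}
# Get-InboxRule properties that hand a message to another recipient.
ACTION_COLUMNS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
SMTP_ADDRESS = re.compile(r"[\w.%+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample export, not data from the thread.
SAMPLE_EXPORT = """\
Mailbox,Name,Enabled,ForwardTo,ForwardAsAttachmentTo,RedirectTo
alice,Copy to assistant,True,[SMTP:carol@corp.example],,
bob,rule1,True,[SMTP:dave@corp.example];[SMTP:drop@mail.example.net],,
erin,rule2,False,,,[SMTP:Drop@MAIL.example.net]
frank,To contact,True,[EX:/o=Corp/ou=Site/cn=Recipients/cn=contact1],,
"""


def audit_rules(export_text, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per rule action that sends mail outside the org."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        for column in ACTION_COLUMNS:
            value = row.get(column) or ""
            base = {"mailbox": row["Mailbox"], "rule": row["Name"],
                    "enabled": row["Enabled"] == "True", "action": column}
            for match in SMTP_ADDRESS.finditer(value):
                # Exact domain match only; subdomains count as external.
                if match.group(1).lower() not in internal:
                    findings.append({**base, "target": match.group(0).lower()})
            # Directory (EX) entries may be mail contacts with external
            # addresses; the export alone cannot tell, so flag for lookup.
            if "[EX:" in value:
                findings.append({**base, "target": "unresolved directory entry"})
    return findings


if __name__ == "__main__":
    # Disabled rules are reported too, since a rule can be re-enabled later.
    for f in audit_rules(SAMPLE_EXPORT):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"{f['mailbox']}: {f['rule']!r} ({state}) "
              f"{f['action']} -> {f['target']}")
```
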