Endpoint Protection

  • 1.  php emails

    Posted Jan 23, 2013 02:56 PM

    I have noticed over time that we have occasionally received e-mails from good customers which look suspicious. They contain a URL and nothing else.

    The URL looks similar to this: http://www.name.name/2bjz1.php

    Can someone please tell us what this is?

    They seem to come from an existing client who may have, for example, Gmail, in multiples at the same time.

    Once they start to come from an e-mail address, they seem to come continually, with different URLs in these e-mails.

    Are these a threat or just an annoyance?

     

    Selisky



  • 2.  RE: php emails

    Posted Jan 23, 2013 03:43 PM

    Hi Selinsky,

    What Symantec product are you using for messaging? This forum is for questions regarding Symantec ServiceDesk. I'd be happy to redirect your question if you'd like.

    Thanks
    Cheryl



  • 3.  RE: php emails

    Posted Jan 23, 2013 05:14 PM

    Hi Cheryl,

    I use Endpoint Protection. However, the question is generic and not product related, so I thought someone in service at Symantec could answer this.

    Please redirect and let me know.

    :-) 

     



  • 4.  RE: php emails

    Posted Jan 23, 2013 05:20 PM

    It felt like a generic question to me, but I wanted to be sure. I'll toss it over the wall and hope someone in the Endpoint Protection forum can help you out.

    Good Luck!



  • 5.  RE: php emails

    Posted Jan 23, 2013 05:52 PM

    This looks suspicious enough; it may be threat distribution or a phishing attempt. It may look like it is coming from a known user or customer, but the message itself may be spoofed with a forged email source address.

    I believe most of the known email service providers have addressed several of these issues:

    http://support.google.com/mail/bin/answer.py?hl=en&answer=50200

    http://answers.yahoo.com/question/index?qid=20091209171845AAlUQsJ

    ...if you google for similar, you will probably find plenty of these.

    As recommendations go - good education of end users is required so that they are extremely vigilant about emails coming with attachments or links - even when those seem to come from known addresses - it should be easy enough to confirm with the existing sender whether he really has sent any messages.

    + ensure you are running dedicated email antivirus and antispyware protection - either directly on the mail server or from the level of mail clients (from SEP it can be the Outlook, Lotus Notes or SMTP/POP3 protection component).

     



  • 6.  RE: php emails

    Posted Jan 23, 2013 09:43 PM

    Looks suspicious to me. Usually the .php is involved in scripting attacks. Your browser will land on this page and from here an attack will take place with a vulnerability in the browser.
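
Added example, not written by any poster in this thread: Python triage for the pattern described in posts 1 and 5, flagging a message whose body is nothing but a URL with a short `.php` name and whose sender does not authenticate. The `triage` function, both sample messages and the `example.*` / `mailer.invalid` addresses are constructed for illustration, and the code assumes the `Authentication-Results` header was stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+", re.I)
LURE_PATH_RE = re.compile(r"/[a-z0-9]{3,10}\.php", re.I)  # shape of /2bjz1.php
AUTH_BAD_RE = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", re.I)

# Constructed sample: forged From, body is only a link.
SUSPICIOUS = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
From: Known Customer <customer@example.com>
To: sales@example.org
Subject: hi

http://www.name.name/2bjz1.php
"""
# Constructed sample: ordinary mail that happens to mention a .php URL.
BENIGN = """\
Return-Path: <customer@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass
From: Known Customer <customer@example.com>
To: sales@example.org
Subject: Invoice question

Hello, could you resend invoice 1001? Our portal is https://example.com/portal/index.php
Thanks
"""

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _plain_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def triage(raw_message):
    """Return the reasons (possibly none) a message deserves a closer look."""
    msg, reasons = message_from_string(raw_message), []
    body = _plain_body(msg).strip()
    urls = URL_RE.findall(body)
    if len(urls) == 1 and body == urls[0]:          # a URL and nothing else
        reasons.append("body is a single bare URL")
        if LURE_PATH_RE.fullmatch(urlparse(urls[0]).path):
            reasons.append("short random-looking .php path")
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:  # envelope vs. displayed sender
        reasons.append("Return-Path domain differs from From domain")
    for mech, result in AUTH_BAD_RE.findall(msg.get("Authentication-Results", "")):
        reasons.append(f"{mech.lower()}={result.lower()}")
    return reasons
```

A message that trips the body checks but passes SPF and DKIM was really sent through the customer's provider, which is worth confirming with the sender as post 5 recommends.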