
php emails

Created: 23 Jan 2013 • Updated: 23 Jan 2013 | 5 comments

I have noticed over time that we have occasionally received e-mails from good customers which look suspicious. They contain a URL and nothing else.

The URL looks similar to this: http://www.name.name/2bjz1.php

Can someone please tell us what this is?

 

They seem to come from an existing client who may have, for example, Gmail, in multiples at the same time.

Once they start to come from an e-mail address they seem to come continually with different URLs in these e-mails.

Are these a threat or just an annoyance?

Selinsky


ohzone - CherylPeterson's picture

Hi Selinsky,

What Symantec product are you using for messaging? This forum is for questions regarding Symantec ServiceDesk. I'd be happy to redirect your question if you'd like.

Thanks
Cheryl

Endpoint Management,
Endpoint Virtualization
Managing Mobility
Community Manager
www.twitter.com/EMnV_symc
Need Altiris help? IRC chat #Altiris

Selinsky's picture

Hi Cheryl,

I use Endpoint Protection. However, the question is generic and not product related, so I thought someone in service at Symantec could answer this.

Please redirect and let me know.

:-)

ohzone - CherylPeterson's picture

It felt like a generic question to me, but I wanted to be sure. I'll toss it over the wall and hope someone in the Endpoint Protection forum can help you out.

Good Luck!


SebastianZ's picture

This looks suspicious enough; it may be threat distribution or a phishing attempt. It may look like it is coming from a known user or customer, but the message itself may be spoofed with a forged email source address.

I believe most of the known email service providers have addressed several of these issues:

http://support.google.com/mail/bin/answer.py?hl=en...

http://answers.yahoo.com/question/index?qid=200912...

...if you google for similar, you will probably find plenty of these.

As the recommendation goes: good education of end users is required so that they are extremely vigilant about emails coming with attachments or links, even when those seem to come from known addresses. It should be easy enough to confirm with the existing sender whether he really has sent any messages.

+ ensure you are running dedicated email antivirus and antispyware protection - either directly on the mail server or from the level of mail clients (from SEP it can be Outlook, Lotus Notes or SMTP/POP3 protection component).

.Brian's picture

Looks suspicious to me. Usually the .php is involved in scripting attacks. Your browser will land on this page and from here an attack will take place with a vulnerability in the browser.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
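
A triage sketch for the pattern described in this thread, added here as an example and not code from any poster or from Symantec: it flags messages whose whole body is a single short `.php` link, notes a From/Return-Path domain mismatch as a weak spoofing hint, and lists senders that repeat the pattern. The sample messages, addresses and function names are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Whole body is one http(s) URL whose path is a single short name ending in .php
URL_ONLY = re.compile(r"https?://[^\s/]+/[A-Za-z0-9]{3,10}\.php", re.IGNORECASE)

# Constructed sample messages (assumed addresses and hosts, not real data)
SUSPECT = ("From: Good Customer <customer@example.com>\n"
           "Return-Path: <bounce@bulk.example>\nSubject: hi\n\n"
           "http://www.name.name/2bjz1.php\n")
NORMAL = ("From: Good Customer <customer@example.com>\n"
          "Return-Path: <customer@example.com>\nSubject: Order\n\n"
          "Hi, the order form is at http://www.example.com/order.php\n")

def address(value):
    """Bare lower-cased address from a header value ('' if missing)."""
    return parseaddr(value or "")[1].lower()

def body_text(msg):
    """First text/plain part, decoded and stripped."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace").strip()
    return ""

def triage(raw):
    """Reasons a message deserves a closer look (empty list = none found)."""
    msg = message_from_string(raw)
    reasons = []
    if URL_ONLY.fullmatch(body_text(msg)):
        reasons.append("url-only-body")
    sender = address(msg["From"]).rpartition("@")[2]
    envelope = address(msg["Return-Path"]).rpartition("@")[2]
    # Weak hint only: legitimate bulk mailers also use a different Return-Path
    if sender and envelope and sender != envelope:
        reasons.append("from-returnpath-mismatch")
    return reasons

def repeat_senders(raws, threshold=2):
    """From addresses that sent at least `threshold` URL-only messages."""
    hits = Counter(address(message_from_string(r)["From"])
                   for r in raws if "url-only-body" in triage(r))
    return sorted(a for a, n in hits.items() if n >= threshold)
```

A sender that shows up in `repeat_senders` without a Return-Path mismatch is worth contacting out of band, since the messages may be leaving a compromised mailbox rather than being forged.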