What would you check, which is your recommendation?


Problem description

This morning at 2:30 I've started receiving spam at an incredible pace: this morning I had already received 1200 spam mails.

I've seen that there are different accounts affected, but mostly there are three of them (company domain) which are suffering from that.

All the computers except mine are off, but mine is locked and Outlook is not started.

What do you think? What would you check?

I've left it doing a system check with MSE and Norton...

Any hint is welcome.

Recommended answer

Are the emails "bounced"?

Really, this is not an "infection". Spammers grab random domains at times and start their work. Random user names are attached to the domain and spam is sent. They don't actually need to have access to any server or DNS.

Of course, it is quite a bit more complicated, but if it is "bounced", meaning that you are being used for the send (both from and to), then you can intercept at the domain level/server level (assuming you have an Exchange server).

What you should be doing is reacting: delete and intercept the bounces and contact an attorney to track down and pursue legal action if desired. Your nightmare is just beginning. If you have a company site, this site could possibly become blacklisted by the mail servers and everything will go to "Junk" when you send.

Lastly, if you feel that someone has a compromised address book, then you need to root deep into the actual client station, but this seems unlikely even from your broad description.

First and foremost, I would go straight to the server and start intercepting. Blacklist at that level so that users remain mostly unaffected.
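
The answer's first question ("Are the emails bounced?") can be checked mechanically. The sketch below is an added example, not part of the original answer: it assumes the flood has been exported as raw RFC 5322 messages and sorts them into bounces of mail forged with your domain, other bounces, and directly delivered spam. The helper names and the example.* domains are illustrative.

```python
# Added example; helper names are illustrative, not from any mail product.
import email
from collections import Counter
from email.utils import parseaddr

def is_bounce(msg):
    """RFC 3464 DSN (multipart/report) or a null reverse-path marks a bounce."""
    dsn = (msg.get_content_type() == "multipart/report"
           and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    return dsn or msg.get("Return-Path", "").strip() == "<>"

def original_sender(msg):
    """From address of the returned message attached to a DSN, else None."""
    for part in msg.walk():
        if part.get_content_type() in ("message/rfc822", "text/rfc822-headers"):
            body = part.get_payload()
            inner = body[0] if isinstance(body, list) else email.message_from_string(body)
            return parseaddr(inner.get("From", ""))[1].lower() or None
    return None

def triage(raw_messages, our_domain):
    """Count backscatter (bounces of mail forged as our domain) vs. other mail."""
    counts = Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        forged = (original_sender(msg) or "").endswith("@" + our_domain.lower())
        kind = "direct" if not is_bounce(msg) else "backscatter" if forged else "other_bounce"
        counts[kind] += 1
    return counts

# Constructed sample messages; all example domains are placeholders.
DSN = """Return-Path: <>
From: MAILER-DAEMON@mx.remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.example
Action: failed

--b1
Content-Type: text/rfc822-headers

From: "Sales" <sales@corp.example>

--b1--
"""
DIRECT = "Return-Path: <x@bulk.example>\nFrom: x@bulk.example\nTo: sales@corp.example\n\nbuy now\n"
OTHER = "Return-Path: <>\nFrom: MAILER-DAEMON@mx.remote.example\n\nundeliverable\n"
```

A high "backscatter" share supports the forged-sender explanation and server-level filtering of bounces; a high "direct" share points to ordinary inbound spam instead.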

