Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Exploits/vulnerabilities

  1. #11
    Join Date
    Dec 2007
    Posts
    50
    Rep Power
    8

    Default

    Quote Originally Posted by mcesari View Post
    Most of the email accounts that I see get "hacked" to send spam were victoms of phishing attacks.
    I actually have been seeing this more often lately and the best thing to do is look for wierd IPs in the audit.log and to grep through the output of zmprob gaa -v to look for wierd reply to addresses and forwarding addresses

    After spending a few hours looking over various system some of our users did fall victim to a phishing attack. What gave it away was all the rejects on our SMTP servers. Another sign was that our Groupwise box was hit too.

  2. #12
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Okay, so what was the the phishing attack ? Did they pretend to be from your support team to get login credentials ? It appears to be a very targeted attack, especially as they got your users email addresses.

  3. #13
    Join Date
    Dec 2007
    Posts
    50
    Rep Power
    8

    Default

    Quote Originally Posted by uxbod View Post
    Okay, so what was the the phishing attack ? Did they pretend to be from your support team to get login credentials ? It appears to be a very targeted attack, especially as they got your users email addresses.

    It was a email claiming to be from our Support.

  4. #14
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    ouch! very targeted then. I presume some user training has been applied then sorry you had the bad luck

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •