During the past 48 hours many of the accounts on my server, including myself and several customers, have started receiving a bunch of bogus emails, all of them having a .zip file attached which of course contains an executable.
The addresses it's from are spoofed - some of them appear to be coming from ourselves, some of them are coming from fake addresses like these:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
The attached files are usually named one of the following:
reg_pass.zip
mail_body.zip
list.zip
downloadm.zip
mail.zip
question_list975.zip
The thing is there seems to be no correlation/connection between any of us who are receiving the emails, it just seems like someone has managed to be able to target any email address for any account hosted on my server.
Has anyone else been hit with this? Does anyone know of a good solution?
I have temporarily blocked .zip files from exim, but obviously that is not a good solution because my customers need to be able to email zips.
I'm incredibly frustrated at this point and not sure what to do, thanks for any advice,
Dave
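An added example, not part of the original post: rather than refusing every .zip, a content filter can open each zip attachment and reject only the ones that hold an executable (or that cannot be inspected at all). The Python below assumes the mail server hands the raw message bytes to a scanning hook; the extension list, the function names and the sample messages are constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions treated as executable content; extend to taste.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl", ".vbs", ".js")

def zip_verdict(data):
    """Return a rejection reason for this zip's bytes, or None if it looks fine."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unreadable zip"
    for info in zf.infolist():
        # Windows ignores trailing dots/spaces, so strip them before matching.
        name = info.filename.lower().rstrip(". ")
        if name.endswith(EXECUTABLE_EXTS):
            return "executable member: " + info.filename
        if info.flag_bits & 0x1:  # bit 0 set = encrypted, contents cannot be checked
            return "encrypted member: " + info.filename
    return None

def scan_message(raw):
    """Return [(attachment name, reason)] for every zip attachment to reject."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Match on the name or on the zip magic bytes, in case it was renamed.
        if fname.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04":
            reason = zip_verdict(payload)
            if reason:
                hits.append((fname, reason))
    return hits

def sample_message(zip_name, member):
    """Constructed sample mail: one zip attachment holding one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample bytes")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Rejecting encrypted archives is a policy choice in this example; a site whose users legitimately exchange password-protected zips would quarantine those instead.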