Getting hit with .zip file emails with viruses.

TogaDave

During the past 48 hours many of the accounts on my server, including myself and several customers, have started receiving a bunch of bogus emails, all of them having a .zip file attached which of course contains an executable.

The addresses it's from are spoofed - some of them appear to be coming from ourselves, some of them are coming from fake addresses like these:

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

The attached files are usually named one of the following:

reg_pass.zip
mail_body.zip
list.zip
downloadm.zip
mail.zip
question_list975.zip

The thing is there seems to be no correlation/connection between any of us who are receiving the emails, it just seems like someone has managed to be able to target any email address for any account hosted on my server.

Has anyone else been hit with this? Does anyone know of a good solution?

I have temporarily blocked .zip files from exim, but obviously that is not a good solution because my customers need to be able to email zips.

I'm incredibly frustrated at this point and not sure what to do, thanks for any advice,
Dave
 

nyjimbo

This week has been really rough. We are getting hit from all sides. Lots of returns are coming from someone spamming senators and congressmen with the similar zip files. I think this is a co-ordinated effort and may be intended to be done during this quiet holiday week where there are fewer people around to report spam or fix problems.
 

Brandonm

Our machines are also being hit with this same type of emails. Some clients reporting upward of 3000 emails per day.
 

chirpy

I would suggest that you seriously look into a server-side anti-virus/anti-spam solution (other than the inbuilt cPanel offering). There's a good one from rvskin and MailScanner will stop these dead. I haven't had a single virus get through it.
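
Added example, not part of any post in this thread or of the tools named in it: a Python check for the narrower filter the thread is looking for, which opens each .zip attachment and flags only archives that hold executable files, so ordinary zips still get through. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions treated as executable; an assumed list, adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl", ".vbs", ".js"}


def zip_verdict(data: bytes) -> str:
    """Classify a zip attachment: 'clean', 'executable', 'encrypted' or 'corrupt'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            verdict = "clean"
            for info in zf.infolist():
                # Normalise case and trailing dots/spaces ("file.exe." style names).
                name = info.filename.lower().rstrip(". ")
                if any(name.endswith(ext) for ext in EXECUTABLE_EXTS):
                    return "executable"
                if info.flag_bits & 0x1:  # member is encrypted, contents cannot be scanned
                    verdict = "encrypted"
            return verdict
    except zipfile.BadZipFile:
        return "corrupt"


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, verdict) for every .zip attachment in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            results.append((filename, zip_verdict(part.get_payload(decode=True))))
    return results


def build_sample(attachment_name: str, member_name: str) -> bytes:
    """Constructed test message: one zip attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder contents")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()
```

Verdicts of "encrypted" and "corrupt" are reported separately so that local policy can decide whether to quarantine archives the scanner cannot read.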