SquirrelMail › squirrelmail-users

Squirrellmail user account compromised

Classic

List

Threaded

2 messages Options

amutoti

Squirrellmail user account compromised

I am using SquirrelMail version 1.4.8-21.el5.centos for webmail and one of my users when trying to send email via webmail it does not send using his real account but instead the is what his recipients will receive in their inbox;

Email address: Mrs.Lola Sanchez <info@Lola.com>

Message body:

Dear Respected

I am Mrs.Lola Sanchez,manager bills and exchange at the foreign remittance department of La_caixa bank Madrid.I have a business suggestion for you.It involve the transfer of($ 15.2 million US Dollar).if interested please reach me on(mrslolasan003@qq.com) with more details of this operation.
Kind Regards,

Mrs Lola Sanchez.

However this does not happen when he is using Microsoft Outlook

Julien Métairie

Re: Squirrellmail user account compromised

Le 09/01/2016 06:39, amutoti a écrit :

> I am using SquirrelMail version 1.4.8-21.el5.centos for webmail and one of my
> users when trying to send email via webmail it does not send using his real
> account but instead the is what his recipients will receive in their inbox;
>
>
> Email address: Mrs.Lola Sanchez <[hidden email]>
>
>
> Message body:
>
>
> Dear Respected
>
>
> I am Mrs.Lola Sanchez,manager bills and exchange at the foreign remittance
> department of La_caixa bank Madrid.I have a business suggestion for you.It
> involve the transfer of($ 15.2 million US Dollar).if interested please reach
> me on([hidden email]) with more details of this operation.
> Kind Regards,
>
>
> Mrs Lola Sanchez.
>
>
> However this does not happen when he is using Microsoft Outlook
>
>
>
>
> --
> View this message in context: http://squirrelmail.5843.n7.nabble.com/Squirrellmail-user-account-compromised-tp26228.html
> Sent from the squirrelmail-users mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>

Hi,

You need to find where the malware is operating. Here are a few stuff to
verify (without any order):
- Is the end user's computer clean?
- Try to send out a message from another account, and from another
client computer;
- (In case of Windows client) Reset the user's Windows profile;
- Don't you have a malicious SM plugin installed?
- Was your SM installation altered by a malware? Check files timestamps
and/or md5 sums.
- Install a new SM instance and ask the user to use it.
- (In case of Unix authentication) Is the user's Unix account healthy?

Regards,
Julien

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users