We receive several emails daily from various addresses that are garbled junk. We've now received a request from someone for one of our users to stop sending the same type of emails. We are fully current with Symantec AV (server side and enterprise-wide on PCs).
From my googling, I believe this to be some type of auto-executable code that our mail server/client (Domino/Lotus Notes) cannot translate and execute. I also think it's something like Klez, in that it uses an address from the infected PC's address book to be forged as the sender.
Have you encountered this and do you have any explanation as to what's going on?
An example of one of these is below.
Also, there are no attachments with these emails.
Thanks and kind regards,
SAM
From: santosor [mailto:santosor@//////////////.com]
Sent: Thursday, May 08, 2003 2:54 PM
To: Rhodes, Steve R
Subject: SetExposed(id)
Content-Type: application/octet-stream;
name=fr_left[1].htm
Content-Transfer-Encoding: base64
Content-ID:
DQoNCg0KDQoNCjxodG1sPg0KPGhlYWQ+DQo8IS0tLyoqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqDQpDb3B5cmlnaHQgKEMpIDIwMDEgVGhlIEZlZWRSb29tDQpUaGlzIHNjcmlwdCBpcyBt
etcetera... (Sometimes 15 lines, sometimes 3 pages)
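
A triage sketch for a sample like the one quoted in the post, added here as an example and not part of the original message: it decodes the pasted base64 lines to inert bytes so the body can be read as text without a mail client rendering it. The function names are hypothetical, and the input is only the three lines quoted above.

```python
import base64
import binascii
import re

# Constructed input: the three base64 lines quoted in the post, copied as-is.
# The real message continues past them, so this sample is incomplete.
SAMPLE_LINES = [
    "DQoNCg0KDQoNCjxodG1sPg0KPGhlYWQ+DQo8IS0tLyoqKioqKioqKioqKioqKioqKioqKioq",
    "KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq",
    "KioqDQpDb3B5cmlnaHQgKEMpIDIwMDEgVGhlIEZlZWRSb29tDQpUaGlzIHNjcmlwdCBpcyBt",
]

# A plausible base64 body line: alphabet only, optional padding at the end.
B64_LINE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_fragment(lines):
    """Decode pasted base64 lines one at a time and return the raw bytes.

    MIME encoders wrap at a multiple of four characters, so each full line
    decodes on its own; a cut-off line is trimmed to its last full group.
    """
    out = bytearray()
    for line in lines:
        line = line.strip()
        if not B64_LINE.match(line):
            continue  # headers, blank lines, "etcetera..." and similar
        line = line[: len(line) - len(line) % 4]
        try:
            out += base64.b64decode(line, validate=True)
        except binascii.Error:
            continue  # damaged line: skip it rather than guess
    return bytes(out)


def triage(lines):
    """Summarise the decoded bytes as inert text; nothing is rendered or run."""
    text = decode_fragment(lines).decode("latin-1")
    return {
        "bytes": len(text),
        "looks_like_html": bool(re.search(r"<html\b", text, re.I)),
        "mentions_script": bool(re.search(r"script", text, re.I)),
        "preview": [ln for ln in text.splitlines() if ln.strip()][:4],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value!r}")
```

Run against a full saved message, the same functions show whether the octet-stream part is simply an HTML file carried as base64.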