Re: Is my linux box an email zombie? Mydoom?

From: James T (turajb_at__NOSPAM_hoflink.com)
Date: 02/29/04


Date: Sun, 29 Feb 2004 18:47:22 GMT

On Sun, 29 Feb 2004 10:32:46 -0800, Geoffrey wrote:

> My linux server runs Mandrake 9.1. I use the Mozilla mail GUI, and have
> noticed several returned as undeliverable email messages for emails
> that I never sent. It looks like my server is sending out spam to
> other computers trying to sell viagra and other RXs, because I am
> getting failed delivery notices from other email servers saying
> foo@foo.com is not a valid email address, and the body has viagra/RX
> promotion info in it.
>
> Subject: Delivery failure
> from: Mailer-Daemon@Yahoo.com
> To: my email address
> Body:
> The following emails could not be delivered
>
> could not deliver email to joe@yahoo.com - account does not exist...
>
> I have made the mistake of running my gui and hence my Mozilla mail
> client as root - I know this is a no no. I will not do this anymore
> now that I know there are actually viruses and worms targeting linux.
>
> If I have run my gui as root can I get an email virus via email by
> opening an email and not opening an attachment?
>
> Do I assume that I have the MYDOOM virus, or could this be that these
> emails are mydoom emails from others fishing for something, or
> nuisance emails from other email zombies?
>
> How do I verify that my server is sending emails ( sendmail logs?) and
> that I have a virus/worm?
>
> Is the best thing for me to do to reinstall?
> If I reinstall and run GUI as non-root, and do not open attachments,
> is there anything else that I should do to avoid this problem in the
> future.
>
> Thanks.

I get lots of those emails myself on both my PC's Windows [:-(] &
Fedora [:-)] in each of my email accounts. This is usually virus/spam
trickery to get you to open the attachments & infect your computer. You
should look at the header of those emails & I believe you will find they
did not originate from your box. Your box should be relatively secured
since attachments do not automatically open/run in Linux. I don't think a
reinstall is necessary because of this fact. I would still also recommend
that you do a fast review of your logs; but it shouldn't be a problem.

James
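
The header check suggested in the reply above, as an added example that is not part of the original post: it walks the Received chain of a returned message and reports whether any hop records your own address as the connecting client. The sample headers are constructed, and the function names and the address 192.0.2.10 standing in for the poster's own IP are assumptions.

```python
import email
import re

# Constructed sample: headers of the returned message as quoted in a bounce.
# IPs are from the RFC 5737 documentation ranges; hosts are example domains.
RETURNED = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mta.example.org with ESMTP; Sun, 29 Feb 2004 10:01:02 -0800
Received: from pc (unknown [203.0.113.45])
\tby mx.example.net with SMTP; Sun, 29 Feb 2004 10:01:00 -0800
From: geoffrey@example.com
To: joe@example.org
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return (client_ip, receiving_host) per Received header, oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its header, so the last one listed is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header, then split "from <client> by <server> ..."
        flat = " ".join(value.split())
        m = re.match(r"from (.*?) by (\S+)", flat)
        if not m:
            continue
        ip = IP_RE.search(m.group(1))
        hops.append((ip.group(1) if ip else None, m.group(2)))
    return hops

def sent_via_my_box(raw, my_ips):
    """True if any hop records one of my_ips as the connecting client.

    Hops below the first server you trust can be forged by the sender, so a
    match is a reason to read the local mail logs, not proof on its own.
    """
    return any(ip in my_ips for ip, _ in received_hops(raw))

if __name__ == "__main__":
    for ip, server in received_hops(RETURNED):
        print(f"{ip} -> {server}")
    # 192.0.2.10 is a placeholder for your own public address (assumption).
    print("named in path:", sent_via_my_box(RETURNED, {"192.0.2.10"}))
```

If none of the hops names your address, the bounce is backscatter from mail sent elsewhere with your address forged as the sender.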


