Sections:
Home |
Featured Blogs |
News Briefs |
Industry Updates |
Topics |
Community
RSS Feeds, Email Updates, Mobile Edition and More: CircleID Extras
About: About CircleID | Media Coverage | CircleID Blog | Contact | Advertising Programs
Terms & Policies: Codes of Conduct | Privacy Policy | Terms of Use
RSS Feeds, Email Updates, Mobile Edition and More: CircleID Extras
About: About CircleID | Media Coverage | CircleID Blog | Contact | Advertising Programs
Terms & Policies: Codes of Conduct | Privacy Policy | Terms of Use
Copyright © 2002-2008 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
Local Time: Saturday, November 22, 2008 09:05 AM PST – Page Load: 0.2169 Sec.
Local Time: Saturday, November 22, 2008 09:05 AM PST – Page Load: 0.2169 Sec.
A few ways to mitigate this -
* Filter inbound mail to your servers using the spamhaus XBL (exploits block list) at http://www.spamhaus.org
* ISPs - monitor XBL entries for anything in your IP space, and jump on 'em - these are usually currently emitting spam sources, so you'll be able to get all that you need to fix the spam [typically finding a user with an infected PC]
* Block port 25 outbound across your network (especially on NAT gateways for LANs - and if possible at the edge of your dialup / dhcp user pool) to prevent direct to MX emission from viruses.
* Separate your inbound and outbound mailservers. Then make sure your MXs (inbound boxes) don't relay mail for your dialup pool. More than one virus (sobig variants I think) have this habit of looking at the infected system's IP (from winipcfg / ipconfig), doing a reverse DNS lookup to get the domain it belongs to (foo-bar-baz.cable.example.com - gets the domain example.com) .. and then doing an mx query for example.com, then trying to relay mail out through the MX servers.
AV filtering on your outbound mailservers
Lock down the netbios / windows messenger ports if at all possible. A lot of viruses spread this way.