<<< Date Index >>>     <<< Thread Index >>>

Eudora SPAM Issues..



I have a client who is seeing large amounts of spam originate inside their 
organization. I have traced the spam to Windows machines running Eudora 6.1.1 
(latest) in paid mode. Apparently, spam messages come in, something is executed 
in these spam messages, and copies/duplicates (with forged names/headers) 
immediately drop into the Eudora OutBox (Messages waiting to be sent) to many 
users all located in the Eudora Addressbook of that particular computer.

We have scanned (in safe mode and regular) with Norton AV Corporate fully up to 
date, along with numerous spyware, malware, adware scanners (Spybot Search & 
Destroy 1.3, CWShredder, Ad-Aware) all with up to date definitions, and have come 
up with nothing.

It seems as though some sort of arbitrary execution of code within Eudora 
emails is automatically executed before the Incoming SPAM is classified as such 
and moved into the JUNK folder.

Headers of the outgoing spam contain the following lines (other than forged 
from, reply-to, to, and subject):

 X-Mailer: Zckvdgt 0.7
 Content-Type: text/html;
 Content-Transfer-Encoding: 7Bit

The outgoing spam is not always the same, but is (I believe) based on the spam 
that comes in. We have seen Prescription Drugs, Pornographic Sites, and other 
common SPAMs.

Is anyone else seeing this or can anyone provide any information? Any advise 
would be helpful. In the time being, I am going to move those users to 
Thunderbird in efforts to stop originating spam.

Thanks

Brian T Luerssen
Infinite Consulting Inc.