Archive for E-Mail

I have had several incidents this week of customer systems being infected by executables attached to e-mails appearing to be from UPS.

Looking around the blogs, these e-mails seem to be having a higher than normal infection rate. The infection is time-consuming to get rid of, makes the infected machines unusable and creates a huge number of network connections.

The exact subject line of the e-mails that have been received is:

UPS Tracking Number 5440074870

Attached to the e-mail is a zip file containing an executable which, when executed, installs "XP Security Center".


Much more information about the detail of the actual e-mail can be found on the Trend Malware Blog. The worrying thing about this e-mail is that both of the machines that it infected have their e-mail filtered by very well known external third-party mail systems, then have virus scanning on their own Exchange servers and finally on their desktop machines. At the moment this e-mail is still slipping through the net.

This virus does a LOT of clever things to prevent you getting rid of it. I noticed that when trying to run Autoruns from Sysinternals, it just would not work. Renaming the Autoruns executable allows it to run. It also stops you being able to install or download Windows Defender, disables System Restore and removes the System Tools program group, amongst other things.

Not a very sophisticated solution, but for now I have edited the Exchange IMF custom weighting file on customer systems to ensure that messages with "UPS Tracking" in the subject line are never delivered to the recipients and definitely classed as spam.

I had written a separate post on how to remove the virus manually, but at the moment I am still monitoring the infected machines to ensure they are completely clean.
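The subject-line rule above keys on wording, while the post also describes the structure of the message: a zip attachment holding an executable. The following is an added example, not part of the original post, showing one way to check a raw message for that structure; the extension list, function names and sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Assumed list of extensions to treat as executable; adjust to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def risky_zip_members(raw_bytes):
    """Return names of executable files found inside zip attachments."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        # Identify zips by magic bytes, not by the declared name or MIME type.
        if not payload or not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue
        hits += [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    return hits

def build_sample(subject, member_name):
    """Constructed test message: harmless text stored under member_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("UPS Tracking Number 5440074870", "invoice.exe")
    print(risky_zip_members(sample))
```

A check like this does not depend on the subject line, so it still fires if the wording of the lure changes.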

Oct 15

Sending backup tape reminder e-mails

Posted by: Paulie | Comments (3)

This is just a very quick script written in response to a question posted in one of the SBS Yahoo groups.

It sends an e-mail to a specified recipient reminding them to change the backup tape in a server. The SBS backup system does this automatically, so this is meant for use on SBS servers using something other than the in-built SBS backup.

Installation is simply a case of extracting the contents of this zip file to a folder on your SBS server and then changing the variables at the top of the script to appropriate values for your environment.

Once done, you can test interactively from a command line by running “cscript tapereminder.vbs” and, once you are happy with the results, set up a scheduled task to do the job daily.


As the number of servers that I am responsible for managing increases, it becomes more difficult to ensure that they are all patched up to date.

As most of the machines I manage are SBS boxes I thought that it would be nice to put something together which behaves in much the same way as the SBS generated e-mail alerts.

So, the result is a script which sends e-mail notifications to a specified address and gives details of which patches are available to be installed. The administrator can choose which of the four patch levels will trigger an e-mail alert (Critical, Important, Moderate & Low).

If there are no outstanding patches at the appropriate alert levels to be installed then the script will quit without sending an e-mail.

The script is then run as a scheduled task every evening and I can quickly see if I have anything to action. The report includes links to the relevant KB articles and further information made available by Microsoft.


The script only takes a couple of minutes to set up as there are only six settings at the top of the file.

Setting any of the following to 1 will trigger alerts for that particular update severity:

  • AlertCritical
  • AlertImportant
  • AlertModerate
  • AlertLow

The remaining two settings control the e-mail itself:

  • EmailFrom – Specifies the e-mail address the report will be sent from.
  • EmailTo – Specifies the e-mail address to send the reports to.

variables

As shown above, I have been running with AlertCritical/AlertImportant set to 1 and the other two set to 0.

So, if you want to receive e-mail alerts, all you need to do is download this zip file, extract the contents to a folder on your server and then edit the variables at the top of the script. To perform a test run, go into a command prompt, change directory to the location where you extracted the script and run:

cscript winupdates.vbs

With any luck you should get an e-mail soon after with the results. If you find that it is not generating an e-mail as expected, one reason may be that there are no patches available to install. Bear in mind that not all items from Windows Update will appear. For example, “Internet Explorer 7” is not a patch and therefore will not be listed.

Running the script interactively as above will take a few moments while Windows Update (or WSUS if you have it installed) is checked for new updates.

Once you have completed a successful test you can go ahead and set up a scheduled task. Assuming an installation directory of “c:\scripts”, the scheduled task command should look something like this:

C:\WINDOWS\system32\cscript.exe c:\scripts\winupdates.vbs

It is also worth a mention that I have used this on standard (non-SBS) Windows servers and it works well.

Perhaps if enough people use this script, it will actually save as much time as it took to make it, but I doubt it. :)

Jan 28

Exchange 2003 SP2 IMF Keyword Manager

Posted by: Paulie | Comments (28)

Exchange 2003 SP2 comes with an updated Intelligent Message Filter (IMF). One of the new features of the updated IMF is the ability to add a custom weighting file that gives administrators more control over incoming mail.

I have used this file a few times on customers' systems, usually to allow certain automated e-mails through the IMF which were being incorrectly identified as spam.

The problem is that Microsoft have not included a GUI to edit the MSExchange.UceContentFilter.xml file. So it must be generated by hand, and while this isn’t difficult, it is not very convenient and it is easy to make a mistake.

I was looking for an excuse to have a play with Visual Basic 2005 and so I have made a little utility to make creating and managing the MSExchange.UceContentFilter.xml a little easier.

Screenshot 1

Becomes….

Generated XML File

The utility can be downloaded from here. (Requires .NET 2.0.)

If you need more information on how to implement the custom weighting feature then see:

Microsoft Exchange Server 2003 Service Pack 2 Release Notes

Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide
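For readers without the utility, the following added example (not the author's tool and not code from the original post) generates an MSExchange.UceContentFilter.xml with validated entries and proper attribute escaping, covering both the "UPS Tracking" subject rule from the earlier post and an allow rule for automated mail. The element and attribute names follow Microsoft's documented custom weighting format as I know it; the allow phrase and function names are constructed.

```python
import codecs
from xml.sax.saxutils import quoteattr

NAMESPACE = "http://schemas.microsoft.com/2005/CustomWeight"
VALID_TYPES = ("SUBJECT", "BODY", "BOTH")

def build_custom_weight_xml(entries):
    """entries: iterable of (type, change, phrase) tuples -> XML text."""
    out = ['<?xml version="1.0" encoding="UTF-16"?>',
           '<CustomWeightEntries xmlns="%s">' % NAMESPACE]
    for where, change, phrase in entries:
        where = str(where).upper()
        if where not in VALID_TYPES:
            raise ValueError("Type must be one of %s" % (VALID_TYPES,))
        change = str(change).upper()
        if change not in ("MIN", "MAX"):
            int(change)  # numeric SCL adjustment; raises ValueError otherwise
        if not phrase.strip():
            raise ValueError("phrase must not be empty")
        # quoteattr escapes &, < and quotes, the usual hand-editing mistakes.
        out.append('  <CustomWeightEntry Type="%s" Change="%s" Text=%s/>'
                   % (where, change, quoteattr(phrase)))
    out.append("</CustomWeightEntries>")
    return "\r\n".join(out) + "\r\n"

def encode_for_imf(xml_text):
    """The file is saved as Unicode: UTF-16 little-endian with a BOM."""
    return codecs.BOM_UTF16_LE + xml_text.encode("utf-16-le")

SAMPLE_ENTRIES = [
    # From the post: force anything with this subject text to be spam.
    ("SUBJECT", "MAX", "UPS Tracking"),
    # Constructed allow rule for an automated report wrongly flagged as spam.
    ("BODY", "MIN", 'Backup "nightly" report & summary'),
    # Constructed numeric adjustment: raise the SCL by 2 on a match.
    ("BOTH", 2, "limited time offer"),
]

if __name__ == "__main__":
    with open("MSExchange.UceContentFilter.xml", "wb") as fh:
        fh.write(encode_for_imf(build_custom_weight_xml(SAMPLE_ENTRIES)))
```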
