First, identify the domain or IP address of the source of the email, then set up a filter on your mail server to block SMTP traffic from that source to your entire network and customers. A quick look at the Message Source in the Details tab of File|Properties of the email (e.g., in Outlook) will display the Return-Path, the IP address (Received: from), and the ESMTP/SMTP ID of the source of the e-mail. You will need this information later to track the message in your firewall and mail server.
Second, check your firewall and mail server logs to determine the extent of the bombardment to other customers and users in your company. Run a search for the above domain(s) and IP address(es) and try to find a pattern; for example, try to isolate when the pop-ups first occurred and the IP address of the host on your network visiting the domain the pop-ups are generated from. Notify the sender's ISP and report the incident, providing them with the above information. While you're at it, find out what your ISP's Internet Abuse Policy/Program offers for assistance.
Use "tracert
Third, find out if your firewall offers anti-spam features and supports a filter (similar to the filter on your mail server). Next, configure a filter on your firewall. Consider configuring an Access Control List (ACL) on your border router and filtering the IP address or network to stop the pop-ups at your perimeter router.
Fourth, update your anti-virus engine and signature file and launch a full scan on the affected host(s), then notify your anti-virus company to make sure that the host(s) do not have a Trojan horse.
Finally, recommend that a formal e-mail be sent to inform other internal users of the pop-ups and to ask them to report to the Operations/IT Department any spam, pop-ups, or suspicious behavior with their email client, browser, etc. This is also a good time to review your company's corporate security policy and, depending on your role, inform and educate users not to open emails from unknown senders. When in doubt, users should contact their IT Manager.
This was first published in September 2004
Kind regards,
Luis
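The first two steps above (reading the Return-Path, Received IP and ESMTP ID from the message source, then searching the mail server log for that source) can be scripted. The following Python sketch is an added example, not part of the original answer; the internal network range, the sample headers and the key=value log layout are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumption: your own mail relays
# Constructed message headers (documentation addresses, not real data).
RAW_MESSAGE = """\
Return-Path: <bulk@sender.example>
Received: from mx.corp.example (mx.corp.example [10.0.0.5])
\tby store.corp.example with ESMTP id 7F3A2C11; Mon, 6 Sep 2004 10:15:02 -0400
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
\tby mx.corp.example with ESMTP id A1B2C3D4; Mon, 6 Sep 2004 10:15:01 -0400
"""

# Constructed mail-server log in a made-up key=value layout.
MAIL_LOG = """\
2004-09-06T10:15:01 smtp from=203.0.113.45 id=A1B2C3D4 to=user@corp.example
2004-09-06T10:16:40 smtp from=203.0.113.45 id=A1B2C3D9 to=sales@corp.example
2004-09-06T10:17:12 smtp from=198.51.100.7 id=B7C8D9E0 to=user@corp.example
2004-09-06T10:19:55 smtp from=203.0.113.45 id=A1B2C3E2 to=user@corp.example
"""

def trace_source(raw, internal_nets=INTERNAL_NETS):
    """Return Return-Path, source IP and SMTP id from the hop where our relay accepted the mail."""
    msg = message_from_string(raw)
    for hop in msg.get_all("Received", []):  # newest hop first
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        try:
            ip = ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None or any(ip in net for net in internal_nets):
            continue  # unparsable or internal hop: keep walking outward
        smtp_id = re.search(r"\sid\s+([^\s;]+)", hop)
        return {"return_path": (msg["Return-Path"] or "").strip("<> "),
                "source_ip": str(ip), "smtp_id": smtp_id.group(1) if smtp_id else None}
    return None

def log_hits(log_text, source_ip):
    """Return (first timestamp seen, Counter of recipients) for one source IP."""
    first_seen, hits = None, Counter()
    for line in log_text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("from") == source_ip:
            first_seen = first_seen or line.split()[0]
            hits[fields.get("to", "?")] += 1
    return first_seen, hits
```

Received lines below the hop stamped by your own relay are supplied by the sender and can be forged, which is why `trace_source` stops at the first non-internal hop it meets.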