
question about server and Microsoft Exchange



#1 fwbdave


Posted 05 December 2013 - 08:12 PM

Our server crashed at work today and the local repair company is saying it is virus related. We use mostly iPhones with Microsoft Exchange for the calendar and emails. I know I can't get a trojan on my iPhone through an email, but if I open it with my phone can it infect the server? Or if I open it remotely with my laptop through Exchange can it infect the server? Management thinks it is because of the phones and says we have to shut down our email. I really hate to lose my calendar because of this. TIA David

 



#2 cryptodan


Posted 05 December 2013 - 10:15 PM

I would not rely on that tech company for any more repairs, as they seem very incompetent. Opening an email on your iPhone cannot infect the Exchange server.

What do you mean by crashed?

#3 Sneakycyber


Posted 05 December 2013 - 10:37 PM

I had to look that one up, Dan beat me to it (I wasn't too sure anyways). If you post your dump file we can tell you what happened.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#4 fwbdave


Posted 07 December 2013 - 03:17 PM

My employers think it's from the phones because we never used them until about 6 months ago. The tech company just said it was most likely from emails but didn't say it was from the phones. I just didn't think it could affect the server. But if I delete an email from my phone it deletes it from my desktop as well, and if I open it on my phone it no longer shows up as new on my desktop. That's why I was not sure if a virus can manipulate my desktop or the server if it is opened remotely... I can't get the dump file... David



#5 cryptodan


Posted 07 December 2013 - 04:22 PM

Of course, that is how email and Exchange work: once you delete it from one device it deletes it from the server as well, unless you have a setting enabled to keep a copy on the server; then you can access it from multiple devices until you delete it. That's how IMAP works, which is what Exchange runs on.

#6 techwizard


Posted 09 December 2013 - 09:56 PM

Not knowing the particulars of course, the chance that the Exchange server was infected with a virus because you connected to it with a phone is unlikely. Please note I never say impossible as we all know how creative some can be at some point :nono:

 

What is likely to have happened conventionally, if the server does in fact have a virus, is that a computer that is connected to the network and network resources got a virus (very usual for these to be gotten by email), and it spread through the network connection. To answer the question, is it possible for those attachments to travel back to the Exchange server through your phone? Nothing is impossible, though the world of phones and their threats is not one of my current specialties... that too, though, I would think extremely unlikely.

 

Email and attachments are on the server...without some type of execution or opening, on the actual server there is really no way for it to infect the server conventionally but machines that are attached to network assets i.e. network drive or that run software from the server can. I don't think phones qualify.



#7 JohnnyJammer


Posted 16 December 2013 - 09:47 PM

Of course you can destroy an Exchange server with a compromised phone, whether it be through Android or Apple (drive-by download or exploitation). Give me 5 minutes with a phone that doesn't have a PIN and I get your username and password for your email account, and you might just so happen to have PPTP running and Dial In enabled = true on the account. Then people will get in your Exchange server and run malware. People will send emails to the contacts list as if it's coming from you, and they click a URL or execute a .exe inside a zip. Hard delete from Exchange to cover the tracks, purge the logs and done!

 

Please note that default retention policies on Exchange will keep that email for longer than 6 months.



#8 cryptodan


Posted 17 December 2013 - 06:37 AM

The phone would have to recognize that an exe file is an executable for your theory to work otherwise it will not even install or execute on the phone.

My iPhone and my son's Android device do not know how to handle an executable file for installation, and I am not sure on Windows Powered phones, but I am confident that those phones do not know how to handle executable files such as .exe.

Only way to exploit the exchange server would be from a Windows Machine with the capability to execute executable files or to DDoS them.

#9 JohnnyJammer


Posted 17 December 2013 - 07:37 PM

> The phone would have to recognize that an exe file is an executable for your theory to work otherwise it will not even install or execute on the phone.
>
> My iPhone and my son's Android device do not know how to handle an executable file for installation, and I am not sure on Windows Powered phones, but I am confident that those phones do not know how to handle executable files such as .exe.
>
> Only way to exploit the exchange server would be from a Windows Machine with the capability to execute executable files or to DDoS them.

 

Yeah, I wasn't really talking about execution using an exe binary on a phone, I'm talking about someone stealing credentials over Bluetooth from an iPhone/Android (or physically taking ownership long enough to steal the credentials XML used in plain text by Apple (yes, it's a flaw)) and then using that to log in to Exchange OWA or through RDP (if the user has dial-in access granted through Active Directory) and then distributing through email URLs/drive-by downloads. Once you have a phone in your hands and it's hooked up to your wifi, packet sniffing to obtain credentials is even easier. As far as I'm concerned, once the damage has been done I couldn't give a rat's a$$, I would want to know how it got exploited in the first place, and generally that's through measures that need to be understood by all employees, i.e. (don't stick a USB drive in that says "Awesome Porn" on it sitting on the hotel table when traveling for sales). I even knew one hacker that "claims" he accessed parliamentarian data from laptops because he scattered USB sticks around Canberra (Australia) near Parliament House in the hope of some doofus minister sticking it in their laptops. Curiosity will always be an attack vector for compromising a server/data centre.

But getting back to the main point about a virus executing from the mailstore, no, that's near on impossible. You would have to exploit OWA first (which with a simple Google search can get some very nice results to /vti_). There are files though that on the last few bytes execute a self extraction (Symantec EPM updates), so I would also assume that it could self-execute a trojan once the HTML body of a message has been viewed (speculation at this stage).

 

Anyway, I could go on and on about this but it's best left out of these forums lol.
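
Added example, not part of any post in this thread: posts #7 and #9 describe credentials taken from a phone being reused against Exchange and OWA, and one way a defender can look for that is to flag successful ActiveSync or OWA requests from a DeviceId or source IP the user has never used before. The log lines are constructed, and the column layout (IIS W3C extended format), the account name and the baseline date are assumptions.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (assumed columns; not data from the thread).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2013-11-20 08:01:10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=dave&DeviceId=APPL0001&DeviceType=iPhone CORP\\dave 203.0.113.10 200
2013-11-21 09:15:42 GET /owa/ - CORP\\dave 198.51.100.7 200
2013-12-04 02:11:03 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=dave&DeviceId=ANDR9999&DeviceType=Android CORP\\dave 192.0.2.55 200
2013-12-04 02:13:30 GET /owa/ - CORP\\dave 192.0.2.55 200
2013-12-04 02:14:00 GET /owa/ - CORP\\dave 192.0.2.55 401
2013-12-04 08:00:00 GET /owa/ - CORP\\dave 198.51.100.7 200
"""

def parse(log_text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def client_key(rec):
    """ActiveSync requests are keyed by DeviceId, OWA requests by source IP."""
    stem = rec["cs-uri-stem"].lower()
    if stem.startswith("/microsoft-server-activesync"):
        device = parse_qs(rec["cs-uri-query"]).get("DeviceId", ["?"])[0]
        return ("eas-device", device)
    if stem.startswith("/owa"):
        return ("owa-ip", rec["c-ip"])
    return None  # other URLs are out of scope for this check

def new_clients(log_text, baseline_end):
    """Successful requests after baseline_end from a device/IP new to that user."""
    known, alerts = {}, []
    for rec in parse(log_text):
        key = client_key(rec)
        if key is None or rec["sc-status"] != "200":
            continue  # ignore failed logons and unrelated requests
        user = rec["cs-username"].lower()
        seen = known.setdefault(user, set())
        if rec["date"] > baseline_end and key not in seen:  # ISO dates sort as text
            alerts.append((rec["date"], rec["time"], user, *key))
        seen.add(key)
    return alerts

if __name__ == "__main__":
    for alert in new_clients(SAMPLE_LOG, "2013-11-30"):
        print(alert)
```

An alert here is a lead to check against the user (a new phone or a new network also triggers it), not proof of compromise.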





