Unexpected Spam email in Outlook Draft folder

JOE TAM 86 Reputation points
2021-09-09T10:00:17.8+00:00

Dear sir, 

A user found that he has 2 unexpected email in his draft folder today, the message is not belonged to him. Server is Exchange 2019, Outlook is also version 2019.

The email subject name is created by random character: atsgtzpuisiumus , another same email subject is : asdfareafaas.

Inside the email content, both are the same single sentence: "hello darkness my old friend". 

It seems that it is an unexpected spam message.  May I know how to check why the message can exist inside user of "Draft" folder?

Any suggestion to trace or prevent such message? Or PC has been hacked by virus?

Regards,
Joe Tam

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,873 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,335 questions

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KyleXu-MSFT 26,206 Reputation points
    2021-09-10T06:33:37.24+00:00

    @JOE TAM

    Here is a blog from Microsoft, it said: ProxyShell vulnerabilities and your Exchange Server

    Your Exchange servers are vulnerable if any of the following are true:

    • The server is running an older, unsupported CU (without May 2021 SU);
    • The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
    • The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.

    In all of the above scenarios, you must install one of latest supported CUs and all applicable SUs to be protected. Any Exchange servers that are not on a supported CU and the latest available SU are vulnerable to ProxyShell and other attacks that leverage older vulnerabilities.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
  2. Andy David - MVP 141.1K Reputation points MVP
    2021-09-09T11:27:45.083+00:00

    I suspect your server has been hacked:
    https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html

    Have you applied the latest July critical security updates for Exchange?

    0 comments
  3. Samijuke 6 Reputation points
    2021-09-09T11:43:40.897+00:00

    Hello,

    I have the same drafts from a user, with the same subject "hello darkness my old friend".

    Bitdefender antivirus shows nothing, the PC and office suite 2019 are up to date, as well as Exchange 2019.

    If you have more info I'm interested.

    Best regards

    Sami

    0 comments
  4. Andy David - MVP 141.1K Reputation points MVP
    2021-09-09T11:47:36.173+00:00
  5. Max Fury 151 Reputation points
    2021-10-01T04:46:15.627+00:00

    I too have faced such a problem. If I can get any help from here then I will be grateful.