Yesterday our employees and customers started getting hammered with email that claimed to be from us and had a Word document attached that was detected as W97M.Downloader!g19. I have no trouble understanding how someone can spoof our email address and can mass email others claiming to be us to spread malware. This kind of thing is almost as old as the internet. However, the thing that surprised me is that the bodies of the emails were marked as replies to actual email from our company, and the recipient list on some of them was employees only. I checked the headers and these are coming from a domain that is not ours, and an email provider that is also not ours. Any thoughts on where they got the contents? If they had compromised our email accounts, I would think they would have just sent them from our accounts...
Thanks for the reply. The link worked yesterday but it looks like that site is down today. Ultimately my biggest problem is figuring out where someone got our actual email without it looking like they have access to our email accounts. I have doubts I will find the answer to that. The return address was ours but the actual sender was not us. At least one of these emails was employees only. We scanned all of the PCs for malware and they came up clean.