Re: How Can This Happen???
From: Chuck (none_at_example.net)
Date: 22 Jun 2004 01:34:16 -0500
On 21 Jun 2004 22:02:38 -0700, *email_address_deleted* (hp) wrote:
>A friend who I haven't sent an email to in several months just got an
>email from his ISP that said I had sent him a virus just last
>Wednesday. I did a quick scan and couldn't find any viruses here so
>can't figure out how he got the email. The text of his email is
>below. I don't have any idea who "declude" is or xtreme.xmcs.org or
>mmglawyers.com is. I haven't sent any emails to any of those.
>Anyone have any ideas?? Any help would be greatly appreciated.
<SNIP another email, from an infected computer, with forged headers>
Your friend has yet another clueless ISP, who does not know how to read email
headers and see that the virus, supposedly sent by "firstname.lastname@example.org",
actually came from an e-Link customer in New York (184.108.40.206), not a DirecPC
/ Hughes customer in Maryland (220.127.116.11) (I'm betting the latter is your ip
Many of these viruses currently plaguing us have two effects - and the second is
even more annoying than the first. Many ISPs have spent time and money putting
in email virus scanning systems - and don't bother to consider that most of the
viruses being sent, from infected computers, use forged headers. That
infected computer stuck your email address into the header of the infected email
that was sent to your friend.
That infected computer might be one with your address in its address book. Or
maybe, your address was scraped from Usenet, as in from your above post.
So you munged your address in the copy of the email from your friend (you're not
"email@example.com", are you?). But you haven't yet learned to munge your
address when posting to Usenet. Check the headers of your post above.
Learn to munge your email address properly, to keep yourself a bit safer when
posting to open forums. Protect yourself and the rest of the internet - read
Paranoia comes from experience - and is not necessarily a bad thing.