Re: How Can This Happen???

From: Chuck (none_at_example.net)
Date: 06/22/04


Date: 22 Jun 2004 01:34:16 -0500

On 21 Jun 2004 22:02:38 -0700, *email_address_deleted* (hp) wrote:

>A friend who I haven't sent an email to in several months just got an
>email from his ISP that said I had sent him a virus just last
>Wednesday. I did a quick scan and couldn't find any viruses here so
>can't figure out how he got the email. The text of his email is
>below. I don't have any idea who "declude" is or xtreme.xmcs.org or
>mmglawyers.com is. I haven't sent any emails to any of those.
>
>Anyone have any ideas?? Any help would be greatly appreciated.
>
>Harry

<SNIP another email, from an infected computer, with forged headers>

Harry,

Your friend has yet another clueless ISP, who does not know how to read email
headers and see that the virus, supposedly sent by "my-email@my-isp.com",
actually came from an e-Link customer in New York (216.57.26.222), not a DirecPC
/ Hughes customer in Maryland (66.82.9.43) (I'm betting the latter is your ip
address).

Many of these viruses currently plaguing us have two effects - and the second is
even more annoying than the first. Many ISPs have spent time and money putting
in email virus scanning systems - and don't bother to consider that most of the
viruses being sent, from infected computers, use forged headers. That
infected computer stuck your email address into the header of the infected email
that was sent to your friend.

That infected computer might be one with your address in its address book. Or
maybe, your address was scraped from Usenet, as in from your above post.

So you munged your address in the copy of the email from your friend (you're not
"my-email@my-isp.com", are you?). But you haven't yet learned to munge your
address when posting to Usenet. Check the headers of your post above.

Learn to munge your email address properly, to keep yourself a bit safer when
posting to open forums. Protect yourself and the rest of the internet - read
this article.
http://www.mailmsg.com/SPAM_munging.htm

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.



Relevant Pages

  • Re: Email Virus
    ... >>>I frequently receive emails which appear to be viruses that I assume ... >>>to be a Microsoft executable. ... >>Off hand I would say you have a virus running on your Micro$not box. ... Here are some headers (edited to protect the specific account where I ...
    (comp.os.linux.security)
  • Re: How Can This Happen???
    ... > viruses being sent, from infected computers, use forged headers. ... > that was sent to your friend. ... > That infected computer might be one with your address in its address book. ... Check the headers of your post above. ...
    (alt.computer.security)
  • Re: vírus...
    ... Most of the current viruses find email addresses in the ... being used by an infected computer, ... | How I can be sure that I do not be with a program spyware | or virus?? ...
    (microsoft.public.security.virus)
  • Re: Can anything be done about malicious emails containing viruses?
    ... Since Monday, I've received five viruses. ... It looks (from the Received headers) that you'll be able to reach ... if you reach a person targeted for garbage by the virus writer, ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (comp.security.misc)
  • Re: Someone sending e-mails with my address
    ... Yes, but it's less likely that the OP has a virus, than that someone who has ... Most viruses spoof the sender ... by grabbing addresses from the infected computer, ... I'll take the beer anyway. ...
    (microsoft.public.security)