Re: "Email could not be delivered" - but was not sent by me!

From: Trafton (traftonofjj2SPAM_at_yahoo.com)
Date: 09/27/04 

Date: Sun, 26 Sep 2004 16:42:09 -0700

Hi Xylophone,

It's not your system that is infected, unless I am misunderstanding what you
are saying or your question. Rather, it is someone who has you in their
address book and also has those emails in their address book OR has gone to
web pages containing them.

The worm looks for things containing an "@", so even something random like
"cu@theparty" would be picked up as an email and sent to.

If all those programs give you a clean bill of health, it is highly unlikely
you are infected.

Hope this helps!

Sincerely,
Benjamin "Trafton" Johnstone-Anderson
Microsoft MVP, Windows Security
Security Manifest: www.msmvps.com/trafton/

"Xylophone" <m-rharrison@tiscali.co.uk> wrote in message
news:OJGgwBCpEHA.1960@TK2MSFTNGP10.phx.gbl...
> Thanks, Benjamin. I am aware of what you say, but on a NAV scan of the
> hard
> disk following such a message, which I always carry out (Spybot, etc,
> notwithstanding), I am told all clear - that should mean that what you
> describe cannot be happening, since no worm is detected in the scan.
> Comments on that?
>
>
> "Trafton" <traftonofjj2SPAM@yahoo.com> wrote in message
> news:OFXtP8BpEHA.3988@tk2msftngp13.phx.gbl...
>> Hi Xylophone,
>>
>> This is a phenomenon known as "spoofing." When a worm infects a system,
>> it
>> checks the users' address book and selects an email. It then sends itself
> as
>> that email to everyone else in their address book. For instance, say
>> James
>> Smith is infected. He has Mary Jones, Linda Johnson, and Patricia Brown
>> in
>> her address book. The worm would send itself to Linda Johnson and
>> Patricia
>> Brown under the name of Mary Jones, even though Mary isn't infected. Then
>> say that Patricia Brown's email was recently disabled. When Patricia
> Brown's
>> email provider got the message, it would think it was from Mary Jones and
>> send the error to Mary Jones. Mary Jones would then get an error about an
>> email she never sent, and James Smith would remain oblivious.
>>
>> Hope this helps!
>>
>> Sincerely,
>> Benjamin "Trafton" Johnstone-Anderson
>> Microsoft MVP, Windows Security
>> Security Manifest: www.msmvps.com/trafton/
>>
>> "Xylophone" <m-rharrison@tiscali.co.uk> wrote in message
>> news:eMrRY4BpEHA.1152@TK2MSFTNGP11.phx.gbl...
>> >I have XP Home with IE6, with strong security settings in Internet Mode,
>> >the
>> > latest Java plug-in and using ActiveX, and NAV2003, Outpost free
> firewall
>> > (showing completely stealthed, but for one port closed), Adaware,
> Spybot,
>> > Spyware Blaster, SpywareGuard, and I have renamed my admin account and
>> > attached a password. So I try to stay secure. When running these
>> > programs
>> > for problems, generally only NAV picks up and sorts a problem of any
>> > note -
>> > Netsky and Swen are the most common, two or three times day in
> emails -yet
>> > I
>> > keep getting, several times a day, a message from Postmaster or the
>> > like
>> > to
>> > say 'could not deliver to,' then an email address is given, completely
>> > unrecognisable by me, usually quite weird in its spelling, and never
>> > repeated (I think).
>> >
>> > Any comments/explanations/solutions to prevent???
>> >
>> >
>>
>>
>
>

Relevant Pages
Quantcast