question for computer guys, returned email...virus?

[shootist16]

I have been getting returned mail messages from email addresses that I have never heard of. I got an email last night saying that an email I sent had a virus. It was an email address that I have never heard of. I have virus software on my computer. It scans every email I send and recieve. I have not been sending emails to these addresses. Does anyone have any idea why I am getting bounced emails from places I have not sent emails? I scanned my computer for viruses immediately after getting the message. No viruses. Could someone else be sending emails from my address?

 

[Skyline]

Originally posted by shootist16
Could someone else be sending emails from my address?

Most likely someone sent email pretending it came from your address...

 

[Ron Andersen]

Hey Dennis,

I'm not a computer guru, but what likely is happening is something called "email spoofing." Here's a quote from Norton AntiVirus's website that might explain it better than me:

Someone tells you that you sent a W32.Klez-infected email message but Norton AntiVirus does not detect the worm

Situation:
You are told that you have sent an email that has been infected by one of the variants of W32.Klez and that your computer must be infected. However, when you run a virus scan with Norton AntiVirus (NAV) using the latest virus definitions, nothing is detected.

Solution:
Variants of the W32.Klez worm spread by searching the Windows address book, the ICQ database, and all local files for email addresses. The worm puts one email address in the "To" field and one in the "From" field of an infected email message. When it sends the infected email message, it appears that a persons computer has been infected when in fact, it might be clean.

For example, Alex is using a computer that is infected with W32.Klez.H@mm. Alex is either not using an antivirus program or does not have current virus definitions. Both Beth and Chris have sent email to Alex in the past. When W32.Klez.H@mm performs its emailing routine, it finds the email addresses of Beth and Chris. It inserts Beth's email address into the "From" field of an infected message. It adds Chris's name to the "To" field and then sends the infected email to Chris. Chris then contacts Beth and complains that she sent him an infected message, but when Beth scans her computer, Norton AntiVirus does not find anything--as would be expected--because her computer is not infected.

NOTE: Because the W32.Klez worm does not use the email address of the infected computer in the email that it sends, there is no way to track which computer sent the infected email.

If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, then you can be confident that your computer is not infected with this worm.

I don't know if it is just the Klez virus that does this or if others do, as well. This is the one about which I remembered reading.

Hope this helps.

 

[ZENGHOST]

Ron and Skyline (probably) have it. I've gotten messages from people I didn't know, telling me to stop sending them viruses (virii?). I think there's more than one out there that will take two addresses from the address book of the infected computer, make one the target address, one the source address and then mail itself out. I know you don't know the person that sent you the message, but if you can figure out who this person is and who your mutual acquaintance is (someone who would have both your addresses in his/her book), then you may be able to track down the originator of the virus. In my case it was easy because the last name of the recipient was the same (uncommon) last name of one of the professors that I do tech support for. My McAfee updates and runs itself every morning and I occasionally run the Klez and BugBear removal tools (available on Norton's site). I also run Housecall (free online virus scanner) every now and then just to supplement my normal scan. Even then I'm still paranoid about these things so I know where you're coming from.

 

[Duck]

I second Zens posting of housecall...It's a good scanner that has caught several that Nortons and AVG missed..

 

[ZENGHOST]

Originally posted by Duck
I second Zens posting of housecall...It's a good scanner that has caught several that Nortons and AVG missed..

One of the good things about Housecall is that it picks up "joke" programs that supposedly Norton and McAfee do not.

 

[Chris "Anagarika"]

recently (2 weeks), the world is stormed by W23/Bugbear.b@MM virus. it does exactly what Ron describe. now it is diminishing, but not dead yet (doesn't it sound like SARS?)

Lates Norton or McAfee would do the job. the symptom can be traced by person whose address book contain both the sender and recipient address ... most likely that person knows you