How can a virus get sent, seemingly from my address, to a person I have never contacted?
Thread poster: Todd Field
Are you sure it was sent from your computer? Many of those viruses forge the sender, so it might simply *appear* to come from you. I could have sworn this was talked about on the forums before, but I couldn't find the link.
See e.g. http://www.itd.umich.edu/virusbusters/klez.html
The main features of Klez.E and Klez.H are these:
* It often forges its From: field, so that recipients of email with Klez-infected attachments seem to get it from someone who was not the actual sender (and is not the real Klez victim)
October 2002 BugBear virus
This virus forges both sender and return addresses. It is pointless to reply to the sender. The TRIUMF mailer trmail is now deleting this virus so you should not normally see it.
The virus finds an old mail message in a mail folder, combines the name and userid with a domain from another message, and uses that as the sender. It then sends itself automatically to other email addresses discovered in the folder and elsewhere.
| || || |
| | Ralf Lemster
Local time: 14:25
English to German
| Do you *know* it was sent from your computer? || Jan 19, 2004 |
Which virus or worm was the cause of the problem?
How did you ascertain that this was actually sent from your computer? Most current viruses (most of them are worms, actually, but that's only a technical distinction) use "spoofing" techniques - IOW the purported sender is almost never the real source.
That's why I'd be interested to know if you detected a sent message, or if the recipient told you that "you" sent it.
Hope this makes sense....
| Sorry, Magda || Jan 19, 2004 |
Magda Dziadosz wrote:
So, don't worry and check your machine regularly, preferably using more than one anti-virus software.
You cannot run more than one anti-virus program (as well as more than one firewall) on one machine. The software does'nt work properly than, and the system can even crash.
What you can do, is to DISABLE for a moment the anti-virus software and to use one of the online scanners, available on the Net.
| Answer to Ralf's questions || Jan 19, 2004 |
Thanks to all for your input thus far.
In answer to Ralf's questions:
- I do not know the name of the virus or worm (I did a full system scan and came up clean)
- I ascertained that it was supposedly "sent" from my computer since the recipient emailed me directly to say that I had "sent" it
I do understand the basics of viruses and how they operate. What baffles me is that the recipient is a Proz member, and one with whom I have never exchanged correspondence of any type... this can't be just a mere coincidence...
Thanks in advance for your ideas.
| | PAS
Local time: 14:25
English to Polish
The virus may have been sent from another computer. Listen to this:
Some months ago I was away for a few days. I came back, did the e-mail ritual and what did I get? responses from other e-mail addresses saying an e-mail from _my_ address was rejected because of a virus.
The rejections did not come from any addresses in my address book, but from addresses remotely connected with some of the work I do.
I reasoned the virus was sent from a computer which had my address in it and the addresses which sent the rejections, but not from mine. (After all, I wasn't there to send anything - the computer was shut off and the plug was pulled - something I always do when I go away for more than 1-2 days.)
Go figure. Since that time I also enabled the 'scan outgoing mail' feature in NAV. It slows the sending down, but maybe it will help?
| I'm guessing the email was spoofed || Jan 19, 2004 |
Since you are running virus software, presumably up-to-date, and do not find anything on your own system, it is most likely that the virus did not actually originate from your computer. The virus has "spoofed" your address, to make it appear as though it was coming from you.
As for the fact that you have not corresponded with the member in the past, the most likely scenario is that someone you have had correspondence with became infected, the virus grabbed your email address from Outlook (Express) on that person's computer, and sent itself to the person who contacted you (for the first time). There may have also been several people acting as the conduit.
That you are both members of ProZ.com is probably just a coincidence.
If you want to confirm all of this, you can ask the infected person to send you the headers from the email he/she received. I can help you decode them if you do not know how.
Of course, you should not open any attachments from the infected person.
| Europe's a big place... || Jan 19, 2004 |
Todd and Monica Field wrote:
An interesting clue is that all my SPAM comes from European-based domains, and the recipient of this virus is also in Europe. Could there be a relationship?
I don't think the area (specially such a big one) has got anything to do with it, honestly. But I tend to agree with the previous postings in that your address might have been used illegitimally to send a virus.
BTW, I used to think that McAfee was a better option than Norton in general terms, at least that was the word around here a couple of years ago. Anyone's got updated information on this? It's because my Norton subscription is about to end in a few weeks, and I'm considering a switch.
| this is exactly what happens || Jan 19, 2004 |
Klaus Herrmann wrote:
I think that's the most simple and most likely explanation in this scenario. The virus picked a random address from the address book of the machine it's running on. It's not an uncommon thing for a virus to do.
It's just like Klaus says.
Just keep your machine clean and don't get paranoid (that's what people sending viruses on purpose want!).
[Edited at 2004-01-19 23:13]