Mobile menu

How can a virus get sent, seemingly from my address, to a person I have never contacted?
Thread poster: Todd Field

Todd Field  Identity Verified
United States
Local time: 20:09
Member (2003)
Portuguese to English
Jan 19, 2004

Dear colleagues,

I am hoping for an explanation on this one from someone who knows more about how viruses work:

Today my computer sent a virus to someone I had never before seen or contacted. For kicks, and since I only use this computer for translating, I went to see if this person had a profile here at Proz. To my surprise, I found the poor virus recipient: different language pair, name I had never heard, in short, a completely new person who I had never "met" before (and never once exchanged correspondence).

I own Norton Antivirus and scan my computer religiously. I had all updates through last Saturday when the event occurred. To my knowledge this is the first virus ever sent by my computer.

An interesting clue is that all my SPAM comes from European-based domains, and the recipient of this virus is also in Europe. Could there be a relationship?

I am really dumbfounded here… how can my computer email a virus to someone at Proz if I have never exchanged email correspondence with them?

Todd


Direct link Reply with quote
 

Michele Johnson  Identity Verified
Germany
Local time: 03:09
German to English
+ ...
forged? Jan 19, 2004

Are you sure it was sent from your computer? Many of those viruses forge the sender, so it might simply *appear* to come from you. I could have sworn this was talked about on the forums before, but I couldn't find the link.

See e.g. http://www.itd.umich.edu/virusbusters/klez.html
The main features of Klez.E and Klez.H are these:

* It often forges its From: field, so that recipients of email with Klez-infected attachments seem to get it from someone who was not the actual sender (and is not the real Klez victim)

http://andrew.triumf.ca/bugbear/
October 2002 BugBear virus
This virus forges both sender and return addresses. It is pointless to reply to the sender. The TRIUMF mailer trmail is now deleting this virus so you should not normally see it.
The virus finds an old mail message in a mail folder, combines the name and userid with a domain from another message, and uses that as the sender. It then sends itself automatically to other email addresses discovered in the folder and elsewhere.


Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:09
English to German
+ ...
Do you *know* it was sent from your computer? Jan 19, 2004

Hi Todd,
Which virus or worm was the cause of the problem?

How did you ascertain that this was actually sent from your computer? Most current viruses (most of them are worms, actually, but that's only a technical distinction) use "spoofing" techniques - IOW the purported sender is almost never the real source.

That's why I'd be interested to know if you detected a sent message, or if the recipient told you that "you" sent it.

Hope this makes sense....

Ralf


Direct link Reply with quote
 

Magda Dziadosz  Identity Verified
Poland
Local time: 03:09
Member (2004)
English to Polish
+ ...
How do you know *you* sent a virus? Jan 19, 2004

And to one person only? Usually an infected machine sents out mails to thousands of recipients.

What happened to me once, was that members of a certain mailing list received an e-mail which *looked* like sent from me (it was not) - we have later found out that virus was sent from a computer of the list member who once exchanged e-mails with me.
It looked like me sending messages to people I don't know, but it was a worm and not even in my machine. It was Klez.E, if I recall correctly.

So, don't worry and check your machine regularly, preferably using more than one anti-virus software.

Magda


Direct link Reply with quote
 

Andrzej Lejman  Identity Verified
Local time: 03:09
German to Polish
+ ...
Sorry, Magda Jan 19, 2004

Magda Dziadosz wrote:
So, don't worry and check your machine regularly, preferably using more than one anti-virus software.
Magda


You cannot run more than one anti-virus program (as well as more than one firewall) on one machine. The software does'nt work properly than, and the system can even crash.
What you can do, is to DISABLE for a moment the anti-virus software and to use one of the online scanners, available on the Net.
Best regards
Andrzej


Direct link Reply with quote
 

Todd Field  Identity Verified
United States
Local time: 20:09
Member (2003)
Portuguese to English
TOPIC STARTER
Answer to Ralf's questions Jan 19, 2004

Thanks to all for your input thus far.

In answer to Ralf's questions:

- I do not know the name of the virus or worm (I did a full system scan and came up clean)

- I ascertained that it was supposedly "sent" from my computer since the recipient emailed me directly to say that I had "sent" it

I do understand the basics of viruses and how they operate. What baffles me is that the recipient is a Proz member, and one with whom I have never exchanged correspondence of any type... this can't be just a mere coincidence...

Thanks in advance for your ideas.

Todd


Direct link Reply with quote
 

PAS  Identity Verified
Local time: 03:09
English to Polish
+ ...
Nasties Jan 19, 2004

The virus may have been sent from another computer. Listen to this:

Some months ago I was away for a few days. I came back, did the e-mail ritual and what did I get? responses from other e-mail addresses saying an e-mail from _my_ address was rejected because of a virus.
The rejections did not come from any addresses in my address book, but from addresses remotely connected with some of the work I do.
I reasoned the virus was sent from a computer which had my address in it and the addresses which sent the rejections, but not from mine. (After all, I wasn't there to send anything - the computer was shut off and the plug was pulled - something I always do when I go away for more than 1-2 days.)

Go figure. Since that time I also enabled the 'scan outgoing mail' feature in NAV. It slows the sending down, but maybe it will help?

HTH
Pawel Skalinski


Direct link Reply with quote
 

Henry Dotterer
Local time: 22:09
SITE FOUNDER
I'm guessing the email was spoofed Jan 19, 2004

Since you are running virus software, presumably up-to-date, and do not find anything on your own system, it is most likely that the virus did not actually originate from your computer. The virus has "spoofed" your address, to make it appear as though it was coming from you.

As for the fact that you have not corresponded with the member in the past, the most likely scenario is that someone you have had correspondence with became infected, the virus grabbed your email address from Outlook (Express) on that person's computer, and sent itself to the person who contacted you (for the first time). There may have also been several people acting as the conduit.

That you are both members of ProZ.com is probably just a coincidence.

If you want to confirm all of this, you can ask the infected person to send you the headers from the email he/she received. I can help you decode them if you do not know how.

Of course, you should not open any attachments from the infected person.


Direct link Reply with quote
 
Ruben Berrozpe  Identity Verified
English to Spanish
Europe's a big place... Jan 19, 2004

Todd and Monica Field wrote:

An interesting clue is that all my SPAM comes from European-based domains, and the recipient of this virus is also in Europe. Could there be a relationship?

Todd


I don't think the area (specially such a big one) has got anything to do with it, honestly. But I tend to agree with the previous postings in that your address might have been used illegitimally to send a virus.

BTW, I used to think that McAfee was a better option than Norton in general terms, at least that was the word around here a couple of years ago. Anyone's got updated information on this? It's because my Norton subscription is about to end in a few weeks, and I'm considering a switch.

Thank you,
Rb


Direct link Reply with quote
 

Klaus Herrmann  Identity Verified
Germany
Local time: 03:09
Member (2002)
English to German
+ ...
You are in the address book of someone who has a virus Jan 19, 2004

I think that's the most simple and most likely explanation in this scenario. The virus picked a random address from the address book of the machine it's running on. It's not an uncommon thing for a virus to do.

Direct link Reply with quote
 

Graciela Carlyle  Identity Verified
United Kingdom
Local time: 02:09
English to Spanish
+ ...
this is exactly what happens Jan 19, 2004

Klaus Herrmann wrote:

I think that's the most simple and most likely explanation in this scenario. The virus picked a random address from the address book of the machine it's running on. It's not an uncommon thing for a virus to do.


It's just like Klaus says.
Just keep your machine clean and don't get paranoid (that's what people sending viruses on purpose want!).
Good luck!!
Grace.


[Edited at 2004-01-19 23:13]


Direct link Reply with quote
 

Dorothee Racette  Identity Verified
United States
Local time: 22:09
German to English
+ ...
See this virus description at Symantec Jan 20, 2004

Hi Todd + Monica,

the same thing happened yesterday in a list I belong to, and it turned out the virus actually picks up your address remotely from a server.

Here is more explanation:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html


Dorothee


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

How can a virus get sent, seemingly from my address, to a person I have never contacted?

Advanced search






PerfectIt consistency checker
Faster Checking, Greater Accuracy

PerfectIt helps deliver error-free documents. It improves consistency, ensures quality and helps to enforce style guides. It’s a powerful tool for pro users, and comes with the assurance of a 30-day money back guarantee.

More info »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs