Cyber Tech Help Support Forums


PurestLight June 11th, 2004 04:27 PM

Spoof e-mail?
 
Hi :)

I found the following e-mail in my spam folder from root@localhost.i4gate. I've never sent an e-mail to the supposed recipient. What is the person trying to do? I'd be interested to know what goes on here:

"A virus was found in an Email message you sent. (I didn't)
This Email scanner intercepted it and stopped the entire message
reaching its destination.

The virus was reported to be:

Worm.SomeFool.Q
<----is this a known virus?


Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.


Your message was sent with the following envelope:

MAIL FROM: (my e-mail address)
RCPT TO: sommers@vt4.net
(never heard of them)

... and with the following headers:

---
MAILFROM: (my e-mail address)
Received: from host217-44-122-158.range217-44.btcentralplus.com (HELO vt4.net) (217.44.122.158)
by node2 with SMTP; 11 Jun 2004 16:32:26 +0200
From:
To: sommers@vt4.net
Subject: Delivery (sommers@vt4.net)
Date: Fri, 11 Jun 2004 15:32:22 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA81.7B015D10"
X-Priority: 1
X-MSMail-Priority: High"


Thanks for looking

Julie

TJolly June 11th, 2004 05:13 PM

Most of the smart viruses pick a random email address as the virus sender and this might be what you are seeing.

It works by someone who has you in his or her address book contracting the virus. The virus goes out to everyone in that address book and picks a random address as the sender for each virus sent. One of the outgoing viruses goes out as coming from your address and the person receiving has a virus checker that automatically responds to you and not the actual sender. You sit there saying ‘I haven’t sent to this address’ wondering what is happening. The real sender is unaware of sending it in the first place because he/she gets nothing back.

This makes the finding of the real sender virtually impossible.

Worm.SomeFool is a virus but you may not have it.

However, it's better to be safe than sorry. Make sure your AV is up to date and run a full scan.
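Added example, not part of any post in this thread: the `Received:` line in the quoted bounce was written by the scanning server, so it records the host that actually connected, while `MAIL FROM` and `HELO` are whatever the connecting client claimed. The sketch below parses those headers and compares the three; the envelope address `julie@example.org` is a constructed placeholder for the poster's redacted address, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers as quoted in the bounce above, re-folded so they parse.
# julie@example.org is a constructed placeholder for the redacted address.
BOUNCE_HEADERS = """\
MAILFROM: julie@example.org
Received: from host217-44-122-158.range217-44.btcentralplus.com (HELO vt4.net) (217.44.122.158)
 by node2 with SMTP; 11 Jun 2004 16:32:26 +0200
To: sommers@vt4.net
Subject: Delivery (sommers@vt4.net)
Date: Fri, 11 Jun 2004 15:32:22 +0100
"""

# Shape of the Received line in the post:
#   from <reverse-DNS name> (HELO <claimed name>) (<ip>) by <server> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)")

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip("<> ").lower()

def under(host, domain):
    """True if host is the domain itself or a name beneath it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def analyse_bounce(header_text):
    """Compare what the client claimed with what the server recorded."""
    msg = message_from_string(header_text)
    received = " ".join((msg.get("Received") or "").split())  # unfold
    m = RECEIVED_RE.search(received)
    if m is None:
        raise ValueError("no parseable Received header")
    rdns, helo = m["rdns"].lower(), m["helo"].lower()
    return {
        "connecting_ip": m["ip"],        # recorded by the server
        "connecting_host": rdns,         # reverse DNS of that IP
        "recorded_by": m["by"],
        "helo_matches_host": under(rdns, helo),
        "sender_matches_host": under(rdns, domain_of(msg.get("MAILFROM", ""))),
        "helo_is_recipient_domain": helo == domain_of(msg.get("To", "")),
    }

if __name__ == "__main__":
    for key, value in analyse_bounce(BOUNCE_HEADERS).items():
        print(f"{key}: {value}")
```

On these headers the connecting host is a btcentralplus.com address that matches neither the claimed sender's domain nor the `HELO` name, and the `HELO` name is simply the recipient's own domain.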

TJolly June 11th, 2004 05:24 PM

It wouldn't be a bad idea to run Stinger:

http://vil.nai.com/vil/stinger/

It will find and kill the most popular viruses.

PurestLight June 11th, 2004 05:26 PM

Thanks for that TJ.......

I don't really understand it but all I would ask is: will someone receive this virus (who hasn't got an e-mail scanner, say) thinking that I have deliberately sent them one??? Could it be someone I know? Sorry, I know you've more pressing problems to deal with......

Julie

PurestLight June 11th, 2004 05:28 PM

Thanks again.....I've got Stinger and I'll run it now :)

TJolly June 11th, 2004 05:30 PM

Quote:

Originally Posted by PurestLight
Thanks for that TJ.......

I don't really understand it but all I would ask is: will someone receive this virus (who hasn't got an e-mail scanner, say) thinking that I have deliberately sent them one??? Could it be someone I know? Sorry, I know you've more pressing problems to deal with......

Julie

Don't be sorry. It's a pleasure to be of some assistance. The answer to your questions is 'Yes'.

PurestLight June 11th, 2004 05:32 PM

Quote:

Originally Posted by TJolly
Don't be sorry. It's a pleasure to be of some assistance. The answer to your questions is 'Yes'.

Oh blimey.....that's not good is it :eek:

Julie

TJolly June 11th, 2004 05:34 PM

As I said initially, you may not have the virus and your address was the one picked randomly as the sender.

Before running Stinger, run your AV program. Which one do you have?

PurestLight June 11th, 2004 05:37 PM

I've got Norton 2003 and AVG.....AVG is running as we speak....

TJolly June 11th, 2004 05:44 PM

Here we go:

http://www.hkcert.org/valert/vinfo/w32.netsky.c@mm.html

PurestLight June 11th, 2004 05:58 PM

That's a very interesting link.....I've had a quick look but I'm going to read more when I've fed the kids :p.

I had a couple of e-mails a few weeks ago with attachments - one was joke.mim, the other was also .mim. Needless to say I deleted them via Spam, but do you have any idea what .mim is?

Thanks

Julie

TJolly June 11th, 2004 06:03 PM

Quote:

Originally Posted by PurestLight
That's a very interesting link.....I've had a quick look but I'm going to read more when I've fed the kids :p.

I had a couple of e-mails a few weeks ago with attachments - one was joke.mim, the other was also .mim. Needless to say I deleted them via Spam, but do you have any idea what .mim is?

Thanks

Julie

Did the emails have any attachments or links?

I don't know anything about mim.

PurestLight June 11th, 2004 06:09 PM

Yes, they were attachments, only a few KB, they looked like they could have been text documents, but they definitely had a .mim extension...........I haven't been able to find anything out about them. I wish there was a 'safe place' to open stuff like this just to see what it contains; it's probably just filthy links or something yuk :(

TJolly June 11th, 2004 06:21 PM

If you previewed that mail, you are more than likely infected if they contained a virus.

TJolly June 11th, 2004 06:25 PM

Turn the preview pane option off. Previewing an email actually opens an email, and lets the virus loose. For instructions on how to do that see

http://cybercoyote.org/security/prevpane.htm

