PDA

View Full Version : FAQ #18 Warning message about an email I didn't send



Susan B
11-06-2004, 10:16 AM
FAQ #18 "Warning message about an email I didn't send" or "Receiving returned mail I've never sent"


TYPICAL QUESTIONS:

• Example One:
Im receiving return email from the Postmaster, from emails Ive never sent to people Ive known but are NOT in my address book.

These are from work associates for a company I ceased working for 5yrs ago. I recognise some of the names, which they may have retained my home email in their address book, but that unlikely.

Further more, these staff have email addresses have a company that is related to the business I worked for, not the original.

OK OK, I used to work for Meridian energy, the emails come from Transpower

Im using AVG7, updated & scanned daily, no viruses ever found.


• Example Two:
I have, in the last two or three days, had messages "returning" e-mails that I certainly had not sent that were supposed to contain viruses. I have Norton Anti-Virus which is kept up-to-date, and I have ZoneAlarm fire wall. The messages were supposed to be to "service@anywhere.co.nz" and the virus was identified as "Win32/Netsky.Zworm" and "Win32/Netsky.Z@MM!Zip".
Has someone taken over my machine or is this a hoax?


• Example Three:
I have just had 2 e-mails appear in my inbox stating that 'MailMarshal (an automated content monitoring gateway) has not delivered the following message: blah blah blah because it contained an executable file' It then goes to list an e-mail address. The point is that I do not know the e-mail address that I purportedly sent an e-mail too. I then went to the web site of where the e-mail address was supposed to be sent to find out that it belonged to a group of chartered accounts in Wellington (I am based in Auckland) that I had also not heard of before.

What could be causing this and should I be doing something about it?

I have Nortons Internet Security installed and the virus definitions are automatically updated. I also keep the Windows security updates updated regularly.



ANSWERS:

Someone who has your email address in their address book, plus the other addresses is infected with a virus and as a result you get all the undelivered notifications.

It harvests these addresses and uses one (in this case yours) as the false "from" address and sends to all the others.

Therefore when the emails bounce, they bounce back to the false "from" address, in this case you.

There is nothing you can do about it. If your email address is widely circulated it could be anyone who has the address in their system.

It is quite common, just ignore them and delete.


Technical explanation by whiskeytangofoxtrot:

The reason you are receiving these is most likely because someone you know is infected with a virus. Most viruses operate by picking two addresses at random out of an address book, setting one as the sender, and one as the recipient. This is why you are receiving mail from someone you do not necessarily know. Unfortunately there is no easy way of tracking back the original infected source, or a way of blocking these messages from coming through.

Your ISP may scan your e-mail for viruses as they arrive at their server. This will protect you against known e-mail viruses before they reach your machine. They will only be able to detect incoming e-mail viruses, so you will still need a virus scanner on your home computer as well to protect you against internet, disk based and file sharing viruses.

If you have a virus scanner on your machine such as Norton Antivirus, PC-Cillin or similar make sure you have run the update feature to get the latest virus information. If you haven't run the updates for some time it is advisable to run the update a few times to ensure all the available software upgrades have been downloaded.

There are many good free alternatives to commercial virus scanners - if you don't have a virus scanner it would be worthwhile installing one of the following:

ClamWin
http://www.clamwin.net

AVG Virus Scanner
http://www.grisoft.com

Antivir Virus Scanner
http://www.free-av.com

These are available for free download from the internet and require regular updates as you would with a normal commercial Antivirus Solution.

If you are looking for more information on a virus, or assistance with repairing or removing a virus visit the link below and search for the virus name as identified by your virus scanner - this should provide you with plenty of information on any virus you may encounter.
http://www.symantec.com/avcenter/vinfodb.html

Usually the incidence of these will die down as people realise they are infected and remove the virus.


Compiled from previous contributions by whiskeytangofoxtrot, Jim B and godfather.

Mzee
12-06-2004, 06:51 PM
First of all scan with "Lava ware Adaware-6", its on the PC World CD's.
Scan with Anti virus.
Install "Mail Washer", also on PC World cd's.
Most of these return mail messages contain a virus or other malicious code. With Mail Washer you can preview any suspicious message without actually downloading it, and you can delete it right on the server.
After this you can download any messages you wish to receive.

Do not return to sender, this will confirm that your address exists.