30SoS
Posted September 2, 2003

Hi, all. I'm a little freaked out -- I just recently got a couple bouncebacks from emails I never sent, one of which says it was rejected because it matched the criteria for a virus (and both of which had attached .pif files). I have the latest version of Norton Anti-Virus active 24/7 on my machine, but I'm wondering if this slipped by and is spreading through my email account(!)

Can anyone help me decipher the bounceback text (below) and let me know what, if anything, I should do next?

Also, does TCH do any virus protection on the web mail end, before my email gets downloaded to my machine?

Thanks!
J

P.S. The email address it was sent to is not even one in my address book...

=====================================
Re: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

scratch@creaturesinmyhead.com
This message has been rejected because it has a potentially executable attachment "your_details.pif"
This form of attachment has been used by recent viruses or other malware.
If you meant to send this file then please package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <info@30SoS.com>
Received: from [12.216.62.57] (helo=HAL) by dallas.dnsrouter.com with esmtp (Exim 4.20) id 19u1z6-0008T7-6x for scratch@creaturesinmyhead.com; Mon, 01 Sep 2003 23:37:36 -0400
From: <info@30SoS.com>
To: <scratch@creaturesinmyhead.com>
Subject: Re: Wicked screensaver
Date: Mon, 1 Sep 2003 22:37:35 --0500
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_1EFBC89F"
Message-Id: <E19u1z6-0008T7-6x@dallas.dnsrouter.com>

This is a multipart message in MIME format

--_NextPart_000_1EFBC89F
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see the attached file for details.

--_NextPart_000_1EFBC89F
Content-Type: application/octet-stream; name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="your_details.pif"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAADToEjPl8EmnJfBJpyXwSacFN0onI3BJpx...

etc., etc.

TCH-JimE
Posted September 2, 2003

Hi,

No, these are created by the virus Sobig and you have no need to worry.

If you are worried, check your computer for viruses and change your email password, but nothing is wrong.

Jim

30SoS
Posted September 2, 2003

So it is a virus, but not one to be worried about? Didn't know there was such a thing...

Regardless, I'd rather not have anything or anyone sending emails through my account without my knowledge or permission. I'll scan my machine when I get home.

Any thoughts on how this got past my anti-virus software?

J

TCH-JimE
Posted September 2, 2003

Hi,

Sorry, I should have mentioned: the emails are spoofed by the virus on another computer to look like they have come from your own machine, hence the "don't worry" bit.

You cannot tell which computer they have come from; that's the lovely part of the virus.

Jim

ztrauq
Posted September 2, 2003

I've been having this happen as well. The virus can spoof emails from people's address books, in an attempt to convince people to open the email because it's from someone they know.

As I mentioned in another post, there are various ways to "sign" your email, so that people know that you actually sent it - this can be used to differentiate between real email messages and virus emails with spoofed addresses.

If you're worried about people thinking you sent these messages, signing your email with something like PGP is what some security experts recommend, as you can prove that you didn't actually send any virus emails.

TCH-JimE
Posted September 3, 2003

I actually proved this myself by closing one of my email accounts and setting up a new one for all emails that are not sent to my correct address.

2 days later, about 30 emails "supposedly" originating from my now deceased account had been sent after the account which had been closed for two days.

It's a sneaky virus!

Jim
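
Added example (not part of any post in this thread): a Python sketch that reads the bounced copy quoted in the first post and reports the relay address the rejecting server recorded, the HELO name and any executable-type attachment, then checks that relay address against the addresses you actually send from. The function name `triage_bounce`, the `my_send_ips` parameter and the placeholder attachment body are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers copied from the bounce quoted in the first post;
# the base64 attachment body is replaced by a short placeholder.
BOUNCED = """\
Return-path: <info@30SoS.com>
Received: from [12.216.62.57] (helo=HAL)
 by dallas.dnsrouter.com with esmtp (Exim 4.20) id 19u1z6-0008T7-6x
 for scratch@creaturesinmyhead.com; Mon, 01 Sep 2003 23:37:36 -0400
From: <info@30SoS.com>
To: <scratch@creaturesinmyhead.com>
Subject: Re: Wicked screensaver
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_1EFBC89F"

--_NextPart_000_1EFBC89F
Content-Type: text/plain; charset="iso-8859-1"

Please see the attached file for details.
--_NextPart_000_1EFBC89F
Content-Type: application/octet-stream; name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="your_details.pif"

UExBQ0VIT0xERVI=
--_NextPart_000_1EFBC89F--
"""

RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat")

def triage_bounce(raw, my_send_ips):
    """Summarise a bounced copy: who relayed it, and is that one of my hosts?"""
    msg = message_from_string(raw)
    # The topmost Received line was written by the rejecting server itself,
    # so the bracketed peer address in it is not under the sender's control.
    top = (msg.get_all("Received") or [""])[0]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    helo = re.search(r"helo=([^)\s]+)", top)
    risky = [p.get_filename() for p in msg.walk()
             if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    relay_ip = ip.group(1) if ip else None
    return {
        "claimed_from": msg.get("From"),    # forgeable, set by the sender
        "relay_ip": relay_ip,               # recorded by the receiving server
        "helo": helo.group(1) if helo else None,
        "risky_attachments": risky,
        "sent_from_my_host": relay_ip in my_send_ips,
    }
```

Call it as `triage_bounce(BOUNCED, {"203.0.113.10"})`, where the set holds the public addresses of your own machine or mail provider (the one shown is a documentation-range placeholder); `sent_from_my_host` being false means the message did not leave your machine, whatever the From line claims.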