Jump to content

Recommended Posts

Posted

Hi, all. I'm a little freaked out -- I just recently got a couple bouncebacks from emails I never sent, one of which says it was rejected because it matched the criteria for a virus (and both of which had attached .pif files).

 

I have the latest version of Norton Anti-Virus active 24/7 on my machine, but I'm wondering if this slipped by and is spreading through my email account(!) Can anyone help me decipher the bounceback text (below) and let me know what, if anything, I should do next? Also, does TCH do any virus protection on the web mail end, before my email gets downloaded to my machine? Thanks!

 

J

 

P.S. The email address it was sent to is not even one in my address book...

 

=====================================

 

Re: Mail delivery failed: returning message to sender

 

This message was created automatically by mail delivery software.

 

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

 

scratch@creaturesinmyhead.com

This message has been rejected because it has

a potentially executable attachment "your_details.pif"

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it.

 

------ This is a copy of the message, including all the headers. ------

 

Return-path: <info@30SoS.com>

Received: from [12.216.62.57] (helo=HAL)

by dallas.dnsrouter.com with esmtp (Exim 4.20)

id 19u1z6-0008T7-6x

for scratch@creaturesinmyhead.com; Mon, 01 Sep 2003 23:37:36 -0400

From: <info@30SoS.com>

To: <scratch@creaturesinmyhead.com>

Subject: Re: Wicked screensaver

Date: Mon, 1 Sep 2003 22:37:35 --0500

X-MailScanner: Found to be clean

Importance: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MSMail-Priority: Normal

X-Priority: 3 (Normal)

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="_NextPart_000_1EFBC89F"

Message-Id: <E19u1z6-0008T7-6x@dallas.dnsrouter.com>

 

This is a multipart message in MIME format

 

--_NextPart_000_1EFBC89F

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

 

Please see the attached file for details.

--_NextPart_000_1EFBC89F

Content-Type: application/octet-stream;

name="your_details.pif"

Content-Transfer-Encoding: base64

Content-Disposition: attachment;

filename="your_details.pif"

 

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v

ZGUuDQ0KJAAAAAAAAADToEjPl8EmnJfBJpyXwSacFN0onI3BJpx... etc., etc.

Posted

Hi,

 

No these are created by the virus sobig and you have no need to worry. If you are worried, check your computer for viruses and change your email password, but nothing is wrong

 

Jim

Posted

So it is a virus, but not one to be worried about? :D Didn't know there was such a thing...

 

Regardless, I'd rather not have anything or anyone sending emails through my account without my knowledge or permission. I'll scan my machine when I get home. Any thoughts on how this got past my anti-virus software?

 

J

Posted

Hi,

 

Sorry I should have mentioned, the emails are spoofed by the virus on another computer to look like they have come from your own machine, hence "dont worry" bit. You can not tell which computer they have come from, thats the lovely part of the virus.

 

Jim

Posted

I've been having this happen as well. The virus can spoof emails from people's address books, in an attempt to convince people to open the email because it's from someone they know. As I mentioned in another post, there are various ways to "sign" your email, so that people know that you actually sent it - this can be used to differentiate between real email messages and virus emails with spoofed addresses. If you're worried about people thinking you sent these messages, signing your email with something like PGP is what some security experts recommend, as you can prove that you dsidn't actually send any virus emails.

Posted

I actually proved this myself by closing one of my email accounts and setting up a new one for all emails that are not sent to my correct address. 2 days later about 30 emails "supposiblely" originating from my now desceased account had been sent after the account which had been closed for two days.

 

Its a sneaky virus!

 

Jim

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...