Someone sending viruses addressed from me

 
 
T.J.
      01-19-2006
I've had 5 or 6 people contact me saying they
are receiving virus attacks from me via my email addy.

I know this isn't the case, someone has obviously set
something up so it looks like me sending them.
Is there anything I can do about this? if not
directly, does anyone know of a URL I can send
people to that explains to them about forged sent from
settings?
TIA.



 
Morgi3
      01-19-2006
Hi T.J. - it's quite possible that your machine is infected with a
virus, and it is "silently" sending these messages from your account,
taking advantage of any address book that you have stored on your
machine - are you using Microsoft Outlook or Outlook Express?

I strongly advise that you check your antivirus protection is on and
up-to-date. Perform a whole system scan. It may also be worth
downloading and scanning with McAfee Stinger.exe, a free stand alone
scanner that can find some of the latest and most common worms and
viruses. You can download this from
http://us.mcafee.com/virusInfo/defau...al/Stinger.asp

Also, do you have a firewall monitoring your connection at all?

I hope this helps,


Steve.

 
John Holmes
      01-19-2006
T.J. blabbered in 24hoursupport.helpdesk:

> I've had 5 or 6 people contact me saying they
> are receiving virus attacks from me via my email addy.
>
> I know this isn't the case, someone has obviously set
> something up so it looks like me sending them.
> Is there anything I can do about this? if not
> directly, does anyone know of a URL I can send
> people to that explains to them about forged sent from
> settings?
> TIA.
>
>
>
>


Most likely, your system is infected and it's sending emails without you
knowing it.

--
Your mother was a twisted bag-lady who gave correspondence courses in a
mental hospital.


 
Stuiffer
      01-19-2006
"T.J." <(E-Mail Removed)> wrote in news:dqoe5r$r8b$1
@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com:

> I've had 5 or 6 people contact me saying they
> are receiving virus attacks from me via my email addy.
>
> I know this isn't the case, someone has obviously set
> something up so it looks like me sending them.
> Is there anything I can do about this? if not
> directly, does anyone know of a URL I can send
> people to that explains to them about forged sent from
> settings?
> TIA.
>


Nothing to add apart from saying give Avast Antivirus a go. It's free and
very good.
 
T.J.
      01-19-2006

"Morgi3" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi T.J. - it's quite possible that your machine is infected with a
> virus, and it is "silently" sending these messages from your account,
> taking advantage of any address book that you have stored on your
> machine - are you using Microsoft Outlook or Outlook Express?
>
> I strongly advise that you check your antivirus protection is on and
> up-to-date. Perform a whole system scan. It may also be worth
> downloading and scanning with McAfee Stinger.exe, a free stand alone
> scanner that can find some of the latest and most common worms and
> viruses. You can download this from
> http://us.mcafee.com/virusInfo/defau...al/Stinger.asp
>
> Also, do you have a firewall monitoring your connection at all?
>
> I hope this helps,
>
>
> Steve.
>


Thanks for the reply,

I'm using OE but only have very few people in my address book
(none of those are affected)
I use Zone Alarm Pro, EzAntivirus 7.0.1.6 (which is updated
every morning)
I updated again and ran a full system scan after the first
person contacted me, which was clean)
I switched over to a different machine on a different phoneline,
using a different ISP, but people were still getting them.
The email address people say they are coming from is only set up
to receive and not to send.



 
Yddap
      01-19-2006
In news:dqoi09$98m$(E-Mail Removed)-infra.bt.com,
T.J. <(E-Mail Removed)> opined very noisily:
> "Morgi3" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> Hi T.J. - it's quite possible that your machine is infected with a
>> virus, and it is "silently" sending these messages from your account,
>> taking advantage of any address book that you have stored on your
>> machine - are you using Microsoft Outlook or Outlook Express?
>>
>> I strongly advise that you check your antivirus protection is on and
>> up-to-date. Perform a whole system scan. It may also be worth
>> downloading and scanning with McAfee Stinger.exe, a free stand alone
>> scanner that can find some of the latest and most common worms and
>> viruses. You can download this from
>> http://us.mcafee.com/virusInfo/defau...al/Stinger.asp
>>
>> Also, do you have a firewall monitoring your connection at all?
>>
>> I hope this helps,
>>
>>
>> Steve.
>>

>
> Thanks for the reply,
>
> I'm using OE but only have very few people in my address book
> (none of those are affected)
> I use Zone Alarm Pro, EzAntivirus 7.0.1.6 (which is updated
> every morning)
> I updated again and ran a full system scan after the first
> person contacted me, which was clean)
> I switched over to a different machine on a different phoneline,
> using a different ISP, but people were still getting them.
> The email address people say they are coming from is only set up
> to receive and not to send.


Ask the people who are receiving the emails what IP address they are coming
from.
If it is 86.133.36.146 you have trouble; if not, do a lookup on the reported
IP address
via http://www.dnsstuff.com/
--

Yddap
Remove guts to reply


 
Dave Lear
      01-19-2006
"T.J." wrote in message
news:dqoe5r$r8b$(E-Mail Removed)-infra.bt.com

> I've had 5 or 6 people contact me saying they
> are receiving virus attacks from me via my email addy.
>
> I know this isn't the case, someone has obviously set
> something up so it looks like me sending them.
> Is there anything I can do about this? if not
> directly, does anyone know of a URL I can send
> people to that explains to them about forged sent from
> settings?


Assuming that you have confirmed that your workstation is *not* actually
virus-infected by scanning it with an up-to-date virus checker, then the
most likely cause is not that someone has deliberately set out to send out
infected emails as you, just that one or more infected workstations are
sending out infected messages which have a spoofed From header so they
appear to be from you.

In its simplest terms...

User A has an infected workstation

User A sends User B an infected email, with the From header of the message
indicating that it was sent by User C

User B's anti-virus software prevents infection of their workstation

User B advises User C that they sent them an infected message

User C checks their workstation and finds it clean

User C has to persuade User B that they didn't send the infected message and
that User C's workstation is clean

In the above scenario, you are User C and the people contacting you are User
B. As you can see, neither User B nor User C has the problem, it's User A
with the infected workstation.

http://www.windowsecurity.com/articl...-Spoofing.html


 
Mike Easter
      01-19-2006
T.J. wrote:
> I've had 5 or 6 people contact me saying they
> are receiving virus attacks from me via my email addy.


Modern day virus propagations *never* use the From address of the
infected computer -- the From is 'always' forged. Long long ago some
viruses had the infected's From, but not for a very long time. So, you
can almost be assured that if someone is receiving virus propagations
these days with your From, that it isn't coming from your machine.

For some reason, a great many people don't understand that almost all
spam and almost all virus propagations are *not* from the From.

If they want to determine the source of the propagation, they will have
to evaluate the item's header for the source IP.

> I know this isn't the case, someone has obviously set
> something up so it looks like me sending them.


Let's just say that the mechanism of the infected machine performing the
propagations has 'chosen' a From, and it happens to be your addy.

> Is there anything I can do about this?


Not really. If the recipients in question are able to provide you with
a set of complete headers you could use those headers to determine the
real source IP and then you could notify the appropriate provider about
their infected propagator -- but many providers don't take any action
about these problems.

> if not
> directly, does anyone know of a URL I can send
> people to that explains to them about forged sent from
> settings?


There must be tons.

--
Mike Easter

 
Reply With Quote
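
Reading the source IP out of the headers, as Yddap and Mike Easter describe above and as Dave Lear's User A/B/C scenario implies, sketched in Python as an added example that is not part of any post in this thread. The message, host names and addresses are constructed (example domains, documentation IP ranges), and `handoff`, `TRUSTED` and `INTERNAL` are hypothetical names; it assumes the recipient knows which mail hosts are their own.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: example domains and documentation-range IPs, not real traffic.
# The bottom Received line is the kind of hop a sender can forge.
SAMPLE = """\
Received: from mx.userb.example (mx.userb.example [10.0.0.5])
\tby store.userb.example with ESMTP; Thu, 19 Jan 2006 17:02:11 +0000
Received: from dsl-host.isp.example (unknown [203.0.113.77])
\tby mx.userb.example with SMTP; Thu, 19 Jan 2006 17:02:09 +0000
Received: from userc-pc (userc-pc [192.0.2.10])
\tby mail.userc.example with ESMTP; Thu, 19 Jan 2006 17:01:00 +0000
From: "User C" <userc@userc.example>
To: userb@userb.example
Subject: Re: your document

(body omitted)
"""

# Assumptions: the recipient (User B) knows their own mail hosts and relay network.
TRUSTED = {"store.userb.example", "mx.userb.example"}
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

# "... [a.b.c.d]) by host ..." as written by most MTAs; folded lines are spanned.
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def handoff(raw, trusted_hosts=TRUSTED, internal_nets=INTERNAL):
    """Return (claimed From address, IP that connected to the recipient's servers)."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    # Each server prepends its Received line, so the list runs newest to oldest.
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if not m:
            continue
        ip, stamped_by = ipaddress.ip_address(m.group(1)), m.group(2).lower()
        if stamped_by not in trusted_hosts:
            break  # lines below this were not written by servers we trust
        if not any(ip in net for net in internal_nets):
            return claimed, str(ip)  # first outside host seen by a trusted server
    return claimed, None

if __name__ == "__main__":
    print(handoff(SAMPLE))
```

The From address and the lowest Received line both point at User C, yet the only address a trusted server recorded is the ISP host that connected to User B's mail exchanger; that is the IP to look up and report.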
 
Mara
      01-19-2006
On Thu, 19 Jan 2006 17:24:25 +0000 (UTC), "T.J." <(E-Mail Removed)> wrote:


>Thanks for the reply,
>
>I'm using OE but only have very few people in my address book
>(none of those are affected)


I wouldn't bet the farm on that. People can be infected and never notice it.

>I use Zone Alarm Pro, EzAntivirus 7.0.1.6 (which is updated
>every morning)
>I updated again and ran a full system scan after the first
>person contacted me, which was clean)
> I switched over to a different machine on a different phoneline,
>using a different ISP, but people were still getting them.


That's because it's probably not coming from your machine. It's probably coming
from someone who has or had your address in their address book, and is infected.

>The email address people say they are coming from is only set up
>to receive and not to send.


That's because the malware is probably forging your address into the e-mails. It
is essential that you, and everyone who is receiving these mails, rescan your
computers - with more than one AV, including online scanners. This is
*particularly* true if they are using Norton or McAfee.

A lot of the newer malware has its own SMTP engine.

--
If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology.
-- Bruce Schneier
 
vespetrol@gmail.com
      01-19-2006
Standard practice for me on any new machine is adding dummy entries in
the address book of OE and even Mozilla Tb. First entry is __NA, where
N = numeric and A = alpha, plus @domain.etc of course. I also plug it
up at the very end with another dummy entry, this one following the
format (E-Mail Removed).

Don't remember where I got this little trick, but if your system is
infected, at least the people in your addy books don't get ravaged by
whatever it is you have, right?

Hth.
VP.

 