Alan Chandler <[EMAIL PROTECTED]> [2002-12-08 00:03:35 +0000]: > > [EMAIL PROTECTED]; I believe you have not send this file > > intentionally. In this case please warn the personnes you could have > > infected.
> Actually this e-mail is not originating from my domain but from > "Received: from mail00.svc.cra.dublin.eircom.net > (mail00.svc.cra.dublin.eircom.net [159.134.118.16]) by ..." > It appears to have some forged headers - I am trying to locate the source. It is a virus. Those are very common and spoof return headers. People who post to mailing lists will have their address in many other people's mailboxes and some of those will be running ms-windows and other virus prone systems. But it is not limited to mailing list posters. Anyone you have send mail to privately may have your address in their inbox. If anyone with your address has the right type of virus then it may spoof any of the mail addresses which are available in the inbox. Ask anyone who posts frequently to mailing lists and they will say they get many of those type of spoofed messages back from autoresponders. Many people set up virus scanners with an autoresponder enabled. They mistakenly believe that from addresses cannot be forged and therefore the sender must have a virus. However since most viruses forge headers this is actually a bad policy. Often the message will be coming from a different place than where it says. The autoresponders therefore incorrectly send a warning back to the innocent bystander. This causes a form of spam because this message is unwanted, DDOS'd because the virus may have sent out many messages to be autoresponded, or they may be left with fear that they may have been a virus source if they don't understand that they were not connected to the original message. My advice? Scan for viruses but discard them without responding to them. They probably did not come from who you think they came from. Bob
msg17692/pgp00000.pgp
Description: PGP signature
