Jostein wrote:

Hello Jostein,

Comments interspaced:

> When a virus infects a person's computer, it tries to 
> replicate itself by sending copies of itself to others. Its 
> source of email addresses is naturally the contacts lists in 
> the infected computer. That's the basis of all mail worms 
> (this type of virii).

OK.
 
> To hide its tracks, some worms insert random names from the 
> same contact list in the "FROM:" field. This is called 
> spoofing. The result is that the infected email appears to be 
> sent from a totally innocent person. Sometimes, the worm 
> inserts the same name in the "FROM:" and "TO:" fields. This 
> results in your bizarre situation, that you appear to have 
> sent yourself an infected mail.
> 
> So the hi-jack has only taken place in some poor sod's 
> infected computer, and you're not to blame at all. In fact, 
> most ISPs have stopped bouncing notices like the one you 
> received because of spoofing.

Yes, I see. I am considering just deleting all such messages now. 
 
> You can, however, make a qualified guess as to who _really_ 
> sent the mail by looking at the message source code. In 
> there, you will find the IP address of the computer that sent 
> the mail. The IP-address can be looked up to see who owns it. 
> If the IP address is registered to a single person, you've 
> nailed the culprit. Typically, however, the owner will be an 
> ISP. They usually have a pool of IP addresses that are shared 
> out to its subscribers as needed. So what you _can_ do then, 
> is to report the incident with source code and everything to 
> the ISP, and hope that they are kind enough to investigate 
> and notify the right subscriber about the infection. 
> 
> The easiest thing is probably to just delete the mail and 
> hope that the poor infected user finds out asap.

If I was sent the suspect e-mail directly, I could try and look that up. My
Waitrose a/c simply tells me it has detected a virus, deleted it, but
informs me from which e-mail address it has been sent. Which of course, is a
spoof, so really of no damn use at all.

That's it, I will just delete them in future.

Thanks,

Malcolm
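
The header lookup Jostein describes in the quoted text, as an added example that is not part of the original thread: it walks the `Received:` lines from the top and keeps the connecting IP recorded by the last relay you trust, since anything below that point is written by the sending machine and can be forged just like "FROM:". The message, hostnames, documentation-range addresses and the `TRUSTED` relay set are all constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: From and To are identical, as in the spoofed mail discussed.
RAW = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
\tby mailstore.recipient-isp.example with ESMTP id A1; Mon, 1 Mar 2004 10:00:05 +0000
Received: from friendly-pc (dsl-pool-77.sender-isp.example [198.51.100.77])
\tby mx.recipient-isp.example with SMTP id B2; Mon, 1 Mar 2004 10:00:03 +0000
Received: from trusted.bank.example ([203.0.113.5])
\tby friendly-pc with SMTP; Mon, 1 Mar 2004 09:59:00 +0000
From: malcolm@recipient-isp.example
To: malcolm@recipient-isp.example
Subject: Hi

body
"""

# Assumption: the relay names your own provider stamps into Received headers.
TRUSTED = {"mailstore.recipient-isp.example", "mx.recipient-isp.example"}

BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def handoff_ip(raw, trusted_relays):
    """Return the IP that handed the mail to the trusted relays, or None."""
    found = None
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):   # newest hop first
        hdr = " ".join(hdr.split())            # undo header folding
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() not in trusted_relays:
            break   # stamped by a host outside our control: may be forged
        ip = IP_RE.search(hdr)
        if ip:
            try:
                found = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                pass  # malformed literal, keep the previous trusted value
    return found

if __name__ == "__main__":
    print("Report this address to its owner:", handoff_ip(RAW, TRUSTED))
```

The address it returns is the one to look up and include, with the full headers, in a report to the owning ISP.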

