Weird emailing - virus?

[bonson]

I'm not sure exactly what is causing this, but I'm getting a LOT of emails bounced back to my primary email address with undeliverable emails. The email headers show they are originating from my domain, except they are not mail accounts I have set up. I only set up 3 mail accounts and the ones that are being bounced back are originating from generic names like John@, Jerry@, Smith@ (none of which are setup).

Most of the emails are attached with a small 22kb attachment that is zipped with odd file names.

I have scanned my system with an up-to-date scanner and never opened any of the attachments. I'm confident there is no virus on my system. None of my friends are getting these emails either.

Does anyone here have any input on what may be causing this?

Thanks in advance,
-Bonson Yee
www.bkphotog.com

[GatorBrent]

Everyone everwhere is getting weird emails like this. Ignore them they aren't coming from your domain, nor are they coming from the server. It's spam an attempt to get you to open it / be infected. DO NOT OPEN THEM! NEVER OPEN ANY ATTACHMENT EVEN IF YOU ARE BEST FRIENDS WITH WHO IS SENDING

http://www.cnn.com/2004/TECH/interne...ead/index.html

It's a worm hitting windows boxes, and is one of he biggest to hit in a long time. 1 /12 emails on the internet right now are it according to the news.

Give it a week or two before it dies down.

[bonson]

Whew - thanks for the quick response. Huge relief - I was worried i uploaded something infected today.

[angeleyz]

I thought I'd been hacked. LOL I asked about this just after it was posted. Thanks Brent

[GatorBrent]

Yeh I was little worried as well. I thought jessica downloaded a virus / worm and it infected our home network.

[tjs]

Something like this has been happening to me, only today I received an email from someone (they exist, I checked their site) claiming that I sent them the virus and I've been black listed on that site as well as a few others.

The folders sent to me are titled things like mydomain.txt or .zip(my domain name) and according to the raw source they were sent from my server. One of the ones I received today had the folder named myusername@mydomain.zip. and the raw source states that it was sent from my server by the username postmaster, which I never placed in my email manager.

I've checked all my cgi-bins and found nothing that I didn't put in them. Is it possible that my mail server is sending these things? I'm concerned about being black listed by search engines. The server that these are coming from according to the raw source is hummer.websitewelcome.com. If not, does anyone have any idea how the raw source traces it to our server?

[GatorJustin]

tjs, just because your address appeared in the From: field, does not mean you actually sent the virus or are infected yourself. You are probably fine, and I would say that the owners of that site need to brush up a bit on their knowledge before blacklisting what is likely an innocent domain.

-Justin

[karz10]

I've seen this happen before. Many times, I could create a link between where these things came from and how it was getting back to me. For example, I know some people that I've networked with in a business sense that have copied me on emails before and made the mistake of not BCCing everyone, so I knew some of the emails that he sent to. I also knew where he hosted.

So, when the emails started bouncing back to me, or in some cases someone complained to me, I went and looked to discover the email actually originated from the SMTP server of my associate's host, and was able to figure out that in some cases the emails originated from one of his company machines or from the machine of someone else in his circle of associates that also received those emails that I was copied on, so the virus of the infected machine went out sending the virus to emails the hacker wanted to send to, and it would claim to be from me and my domain, but I had nothing to do with it, and it was not traced to me in any way.

Eventually it blew over, and I think most anyone who really knows how these things work would not penalize you if it did not *really* come from you, which it likely did not. Let us know if you learn otherwise...

Karsten

[JZ]

There is an anti-forgery solution available that is trying to curb the spoofing of domains. I have not looked in to it closely but here is the url if you would like to try it for yourself. http://spf.pobox.com/

[Thomas]

Hi all. Just felt I should share some experiences here.

I've been familiar with spoofing for a couple years. I had this one client out of several that was a victim, and I was getting 5 + "undeliverable" emails a day from him. Each had a virus attached. He wasn't sending them. I was convinced he had a virus on his machine, but he didn't (at least not anymore).

It's my understanding that certain viruses will collect all the email addresses on your system and use them as both senders and/or recipients (spoofing) to propagate themselves. Then each recipent that gets infected magnifies the problem, and so on..... So, long after you've cleaned your machine your email address is still out there being used as a "sender" address. Of course, spoofing can also be done manually and intentionally (I think).

It seemed there was nothing I could do about this. I was very concerned that for every "undeliverable" message, there were probably some actually getting through to people, and those people would complain, and my clients email would be banned by ISPs. But none of that happened. It eventually just stopped.

I developed a pretty ralaxed attitude about spoofing - ignore it and it will go away. Until last week.....

Apparently my brand new HostGator reseller domain was used to spoof some spam to someone. The recipient complained. The complaint made it to the datacenter, who complained to Hostgator, and HG was ON me like white on rice!

Now look, I've got this dinky little site that barely manages 50 hits on a good day. I hardly ever use my webmail - much less run a spamming operation. Besides, I'm trying to be a reseller. Why would I contaminate myself that way?

Never the less, I got a personal phone call from someone I'll call "higher up in the company" and I was treated to something just this side of an interrogation. I was left with a copy of the spam to dissect and use to defend myself - which I did successfully. I'm not complaining. I DO appreciate HGs strict spam policy. I'm GLAD they take it so seriously. But spoofing has got to be treated with the same conviction. It's NOT going away.

I breifly visited the site Justin mentioned. I found it very confusing but eventually I hope to utilize this tool. I hope everyone, including HG will take this problem more seriously.

That's all.