Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

People receiving emails "from me" that I never sent.

by obsessed Aug 10, 2004 7:16AM PDT

I am assuming this is some kind of worm, but don't know how to find it or stop it. Typically, what happens is that someone asks me what's in the attachment I supposedly sent them, and I have to tell them, "Don't open it, I never sent you anything." Or I get returned mail as undeliverable, again, that I never sent, sometimes to people I don't even know. I have both AVG free version and Norton AntiVirus 2004, which I keep up-to-date, and the scans come up clean. I also have those dummy worm alert addresses at the beginning of my address book that I thought were supposed to prevent this sort of thing.

I have AOL (my ISP is also AOL), Windows XP home.

Discussion is locked

9 Posts
- Collapse + Expand Details
- Collapse -
Here's why.
by r. proffitt Forum moderator Aug 10, 2004 7:37AM PDT

A person you may or may not know that has your addrees in their address book has an emailing worm/virus. You are unlikely to be infected, but someone who has your email address could be.

Bob

- Collapse -
What to do about it?
by obsessed Aug 10, 2004 7:49AM PDT

Is it necessarily the person who receives this email "from me" who has the worm? Or can it be someone who actually did send it to this person with my address in the return address spot? And how do I protect the people I do email so that they know that an email actually came from me?

- Collapse -
If nothing else,tell them that you
by Ray Harinec Aug 10, 2004 7:58AM PDT

will never send them an attachment without some form of prior agreement. If they open attachments that's their fault.

Very unlikely that you will find the culprit if you are popular and in many people's address book.

- Collapse -
Re: What to do about it?
by Mighty Aug 10, 2004 12:17PM PDT

No, it's not the person who receives the email who has the virus/worm. It's a third party. It may be someone you don't even know.

Let's say a friend of yours finds a fun joke email and sends it to you and ten other people. Two of those people like it and forward it on to ten people they know. Your email is in the forwarded email. A few of those people forward it to some of their friends, and so on. Within a couple of forwards your email address might be on 50 computers of people you've never heard of.

Some viruses limit themselves to the address book. But some instead scan emails, doc files and text files and pick out emails from those.

When the virus sends itself on it picks a return address at random for each copy it sends. So every once in awhile your address will end up in the return address of the outgoing virus or spam mail.

Usually someone will complain about the offending machine to that user's ISP and it'll get cut off until they get it fixed. My experience is that usually happens within a few days. The longest for me was about two weeks. It flairs up every month or so when a new virus is released, but usually dies back down quickly.

If it lasts longer than a couple of weeks then you might want to enlist some help in tracking down the offending machine and get the ISP to force them to fix it.

- Collapse -
Re: What to do about it?
by obsessed Aug 11, 2004 4:10AM PDT

You say:
Usually someone will complain about the offending machine to that user's ISP and it'll get cut off until they get it fixed. My experience is that usually happens within a few days. The longest for me was about two weeks. It flairs up every month or so when a new virus is released, but usually dies back down quickly.

If it lasts longer than a couple of weeks then you might want to enlist some help in tracking down the offending machine and get the ISP to force them to fix it.
-----------------
Well, if you don't know where it originated, how do you complain to the user's ISP?
And how do you enlist help in tracking down the offending machine? I don't even know how or where to start on this search mission.

- Collapse -
Re: What to do about it?
by Mighty Aug 11, 2004 6:37AM PDT

How long has this been going on? Most of the time, that person's machine will also send an email to someone who already knows how to track down the source and it'll get taken care of for you. So my advice is to just ride it out. But, if you really have been dealing with this for very long then we can help you get at the headers in your email software and then you can post them here and we'll help you decipher one.

Generally speaking, the headers of an email record a trail back to the source. For a spam or virus from a zombie the original source is likely an IP address that you can look up at www.arin.net. From there, you can find the ISP that coresponds to that IP address and you can send an email to their abuse address.

With bounced emails, you need to make sure you're looking at the header to the original email, and not the header of the bounce notification from the receiving email server. Some servers forward the bounced email to you, thus there's only one set of headers. Some servers wrap up the original email in an attachement and attach that to the bounce notification, which is a brand new email.

It's one of those things that looks a lot more complicated at first than it really is. It's actually pretty straightforward.

Drake

- Collapse -
Re: People receiving emails
by juditte Aug 11, 2004 2:38AM PDT

The most likely reason is that your email is in someone else's computer address book and they have a virus/worm on their system. It is sending its nasty payload out to everyone in their address book but using your address (and probably a few other innocent victims) as the sender in order to cover its tracks. Finding where it could actually be coming from is very difficult. If you are sure your computer is clean of "nasties" you just have to ignore it and respond as you have to those people who query you with the above explanation.

I recommend that you install a software firewall such as the Norton one or Zone Alarm (which has a free version) or one of the others available. Then set it so that it gives you an alert for every attempt to come or go from your system. It takes time for a while but it is very informative and you might have a few surprises. Then I highly recommend that you start proseltyzing amongst all of your contacts that they also have both an AV and a Firewall installed on their computers. Once you all get used to using the these tools and everyones systems are cleaned up then you should see a decrease in these "spoofed" malware emails.

And by the way I highly recommend doing at least weekly checks of your system for spy and adware. Try Spybot S&D and Adware. If you like them then contribute. You can Google any of these products to find the websites for download. Unfortunately with all the nonsense out on the net we have to do a lot of housekeeping on our computers to improve the whole experience.
Good luck
Juditte

- Collapse -
Re: People receiving emails
by obsessed Aug 11, 2004 4:07AM PDT

Thanks for the great advice... I do have Adaware and run it regularly, as well as the free version of ZoneAlarm (now that I've settled on version 4.5 I've eliminated all the aggravation from later versions), but what exactly do you mean when you say I might find some surprises in the alerts? I am not sure what to look for when I see the alerts, and what I should be making of all the IP addresses. Just looks like a bunch of numbers to my untrained eyes.

- Collapse -
About those alerts, Obsessed:
by Paul C Aug 11, 2004 11:37PM PDT

They're actually not that hard to figure out.

Let's for example pull 3 entries from my Zone Alarm log:

1. ACCESS,2004/08/12,05:30:14 -5:00 GMT,Messenger was blocked from connecting to the Internet (205.188.146.146:DNS).,N/A,N/A

What we have here is an attempt of a program - in this case, Windows Messenger (a well-known channel for SPAM) to "phone home". I have ZA set to prevent this from happening, so this is logged every time WM tries to connect.

2. FWIN,2004/08/12,04:57:10 -5:00 GMT,4.255.29.181:28009,172.132.77.31:1026,UDP; FWIN,2004/08/12,05:00:58 -5:00 GMT,218.85.231.48:1069,172.132.77.31:1023,TCP (flags:S)

These are two attempts to reach my PC from the outside that the firewall has blocked. In the first example, the machine seeking access used the User Datagram Protocol (UDP); the second used the Transmission Control Protocol (TCP). Both these methods bypass the main network protocols and were designed to transfer streams of data securely, making them ideal for the unscrupulous among us to send garbage. The first string of numbers is the IP address of the sending machine (where it's located on the Web). The second string is my IP address at the time of the intrusion (since I'm on dialup, my IP address changes every time I go online).

This is oversimplified, Obsessed, but I post it just so you can get an idea of what the firewall is actually doing. In practice, your concern with malware on your PC is limited to programs trying to "phone home". When ZA tells you that a program is requesting access to the Internet - or potentially worse, trying to set itself up as a server - you should make darn sure that you in fact want that program to access the Web. If not, clock it and tell ZA to remember that in the future.

If you're not sure, block it without telling ZA to remember it, check it out here or by Googling the application, and then decide.

In the case of your email dilemma, none of this is of any practical use. As others have noted, the probability is very high that the emails being sent out in "your name" are probably originating from the PC of someone who's not even on your address book...

Back to Computer Newbies forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info