I was emailed a virus from a valid AOL user, anything i can do to bring them down?
MadSkillzMan
04-19-04, 06:31 PM
Hello everyone, my family uses SBC DSL, and my dad checked his email and noticed a strange email he had in his bulk. It was 41k and the attachment was Data.zip. HAND TYPED in the email said "no viruses found, please download." and then "checked by f.secure.com"
Gee, how suspicious is that?
So to make sure it's a virus, I fired up Linux, downloaded it, and sure enough, it's clunky old Sub7.
I sent a blank email back at the user, just to see if I'd trigger the mailer DAEMON. Nope. It sent. So is there anything I can do? I actually have an idea of who it is, and they know we do eBay business and such, and there would be valuable info to them on our hard drives.
Thanx in advance guys!
MuEagle05
04-19-04, 06:33 PM
They might have a virus on their comp. and it got sent without them knowing. Just go to keyword TOS and report the e-mail. I think you can just forward the e-mail to TOSemail1 or something like that.
Or just let it go, virus e-mails get sent around all the time.
MadSkillzMan
04-19-04, 06:34 PM
I'm aware of that. Happened to our horse driver with some worm... can't remember which one. But I'm aware of who it is now. Someone who isn't too friendly with me. Can't believe they'd think our family is THAT stupid.
macklin01
04-19-04, 07:36 PM
Viruses spoof sender addresses (with real email addresses) all the time. It's a common tactic. As such, replying to email should work perfectly. It does nothing to prove that the user did it intentionally or knowingly targeted you. Chances are very good that email wasn't even sent from their computer, but rather from somebody else who has them in their address book.
I know that in any given day, I get several emails from automated system admins that the email I sent to xx@yy.zz.com contained a virus and was rejected. Of course, these emails were never emailed from my computer or account. (There's no record of the emails on my machine, I'm behind a firewall that would prevent this, and the machine is 100% clean (and it's in Linux half the time anyway).)
These spoofed from addresses serve a few purposes. First, they help obscure the origin of the virus. Second, they make it more likely for a person to open the email (because it may be from a name you recognize). Third, they form a sort of secondary attack on any and all affected servers, because the writers know that many virus filters will send out these warnings that I mentioned back to the senders, even though in many cases, the sender field has been spoofed.
So, I wouldn't be so quick to jump to conclusions about this user. It's best to just let it drop. If you really feel concerned, you might consider instead sending an email saying, "Hey, I just wanted to let you know that I received a virus in an email from your account. You might want to check out your system and make sure that there are no additional viruses affecting it. Thanks."
-- Paul
MadSkillzMan
04-19-04, 09:12 PM
Hmm....
I am aware of mail spoofing. Thanks for the info. I will wait a little, even tho I know who it is for sure. It would be like them to try and attack something I love (my computers!). So I guess I'll drop it, unless I get a bunch more from this guy on his other emails from Yahoo and such. Thanx Paul.
macklin01
04-19-04, 09:14 PM
Not a problem. I hope things calm down for you on the viral front. :) -- Paul
MadSkillzMan
04-19-04, 09:47 PM
Thanks. I've had many attacks not too long ago. My sisters aren't that smart and accepted everything any stranger from AIM sent to them. I wasn't home, and whatever this thing was managed to get to all 5 of my machines. Did no luck on the Linux box.
corrosion231
04-20-04, 12:36 PM
AOL has proven in the past they don't give a **** as long as their loyal band of AOL monkeys forks over that 23.95 a month
MadSkillzMan
04-20-04, 06:45 PM
Yea I used to have them.... NOT a fan at all. Minute their crappy software gets on ur machine, troubles are near.
linksep
04-23-04, 12:47 AM
macklin01:
I had the same problem, I was getting up to 10 e-mails A DAY saying that an e-mail I sent had a virus. Here's what I did: Check the original IP in the message details, search Google for the IP address, maybe it was logged by some web-site (in my case a beauty supply forum had logged the IP I was after). I used that method to find the person's e-mail (a Tampa Bay Road Runner account). I contacted help@rr.com, abuse@rr.com, the Tampa Bay tech support (via phone and e-mail), and the national RR tech support (via phone) to tell them that the user with said IP had a virus that was spoofing MY address and ask them to contact that person and have them run a virus scan. I have not received a bounced virus with that source IP since. :D
BTW: IMHO PC-Cillin 2004 is the ONLY internet security program to use. The others aren't worth their weight in poo.
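An added example, not part of the thread: the check discussed above (the From address is sender-supplied, while the IP recorded by a relay in the message details is what an abuse report should cite) written as a small Python header parser. The hostnames, the `TRUSTED` set, the sample message and the Postfix-style `Received` layout are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed layout: "from <helo> (<rdns> [<ip>]) by <host> ..."
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\s]*)\s*"
                 r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>[^\s;]+)")

# Relays whose Received lines we believe (hypothetical: our server and our ISP's MX).
TRUSTED = {"mail.home.example", "mx.example.net"}

# Constructed sample using documentation IP ranges and example domains.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.home.example with ESMTP id abc123; Mon, 19 Apr 2004 18:20:11 -0500
Received: from cable-host.example.org (cable-host.example.org [203.0.113.45])
\tby mx.example.net with SMTP id xyz789; Mon, 19 Apr 2004 18:20:05 -0500
Received: from aol.example (unknown [10.1.2.3])
\tby cable-host.example.org; Mon, 19 Apr 2004 18:19:59 -0500
From: "Friend" <someone@aol.example>
To: dad@home.example
Subject: Data

no viruses found, please download.
"""

def handoff_hop(raw, trusted):
    """Return the hop that handed the mail to trusted relays, or None."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = None
    for value in msg.get_all("Received", []):     # newest hop is listed first
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if not m or m.group("by").lower() not in trusted:
            break        # lines below were written by the sender's side: forgeable
        hop = {"helo": m.group("helo"), "rdns": m.group("rdns"),
               "ip": str(ipaddress.ip_address(m.group("ip")))}
    if hop is None:
        return None
    rdns = hop["rdns"].lower()
    hop["from_domain"] = from_domain
    # Does the connecting host belong to the domain the From header claims?
    hop["matches_from"] = rdns == from_domain or rdns.endswith("." + from_domain)
    return hop

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, TRUSTED))
```

A `matches_from` of False only shows that the mail did not come from the claimed domain's servers; the recorded IP identifies a connecting machine for the ISP's abuse desk, not a person.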