Viruses


Most viruses that replicate themselves through e-mail forge the From: field of their messages. Usually they take a random address, or pick one from your address book or web cache. Therefore, a virus appearing to come from jeroen@example.com rarely really originates from this address.

I can imagine that some users don't know this, and when they receive a virus from me they send me a reply with a warning that I have a virus. Usually I explain the story above to these people and tell them --- of course after checking that my anti-virus software is up-to-date --- that I don't have a virus. No problem for me.

What I don't understand is that some people who are responsible for really big mail servers also don't understand that viruses forge headers, and have their servers configured in such a way that they reply to me. Of course they have the right to block a message with a virus to protect their customers. But please don't bother me with these messages. I can assure you that I am not the one sending these messages; just check the mail headers and you will see that they originate from a completely different server.

This morning somebody who apparently had visited my site caught a virus and started sending out the virus in my name. Luckily for him, his provider scans all incoming SMTP mail and intercepted all messages. Instead of simply not accepting these messages, they had configured procmail to send a warning to the address mentioned in the From: field (me) including the virus!!!!! As a result, my inbox is flooded with viruses from this server (mail.infosys.tuwien.ac.at).

Once again, none of my computers is infected with a virus.
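The header check described above, as an added example that is not part of the original post: it reads the topmost Received: header (the only one written by the receiving server itself, so the only one a forger cannot control) and compares the connecting host with the From: domain before any warning is sent. The sample message, the host names and the Postfix-style `from helo (rdns [ip])` layout are constructed assumptions, and the domain comparison is a conservative heuristic, not proof of origin.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the lower Received: line and the From: line are forged by
# the virus; the top Received: line was added by the recipient's own server.
SAMPLE = """\
Received: from dsl-203-0-113-57.isp.example (dsl-203-0-113-57.isp.example [203.0.113.57])
\tby mx.recipient.example with SMTP id abc123;
\tWed, 20 Aug 2003 09:14:02 +0200
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby dsl-203-0-113-57.isp.example; Wed, 20 Aug 2003 09:13:58 +0200
From: Jeroen <jeroen@example.com>
To: someone@recipient.example
Subject: Re: Details

(body omitted)
"""

# Assumed layout: "from <helo> (<reverse-dns> [<ip>])"; other MTAs differ.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def connecting_client(raw):
    """Return helo/rdns/ip of the host that handed the message to our server."""
    received = email.message_from_string(raw).get_all("Received") or []
    match = RECEIVED_FROM.search(received[0]) if received else None
    if not match:
        return None
    helo, rdns, ip = match.groups()
    return {"helo": helo, "rdns": rdns or helo, "ip": ip}

def from_domain(raw):
    """Domain part of the (forgeable) From: header."""
    _, addr = parseaddr(email.message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()

def safe_to_notify_from_address(raw):
    """True only if the connecting host sits under the From: domain."""
    client, domain = connecting_client(raw), from_domain(raw)
    if client is None or not domain:
        return False  # nothing verifiable: stay silent rather than bounce
    host = client["rdns"].lower()
    return host == domain or host.endswith("." + domain)

if __name__ == "__main__":
    print(connecting_client(SAMPLE), from_domain(SAMPLE))
    print("notify From: address?", safe_to_notify_from_address(SAMPLE))
```

For the sample, the connecting host is a dial-up address unrelated to example.com, so no warning goes to the From: address; refusing the message during the SMTP session avoids the question entirely.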


4 Comments

Arie Maat said:

Are you really sure about this?

Jeroen said:

At this moment I am still receiving these messages. Some of them are of the above-described type: "We did not deliver your message because it is infected with a virus", and the bounce includes the original message (clearly not sent by me) with the virus.
Other messages I receive are bounces because the destination address does not exist. These messages also contain the virus, but because they haven't been checked for viruses, the blocking server cannot be blamed.

Jeroen said:

The same question is also discussed on SlashDot: http://ask.slashdot.org/article.pl?sid=03/08/21/2151250

Naomi Cole said:

This Website is very informative THANKS!


About this Entry

This page contains a single entry by Jeroen Sangers published on August 20, 2003.
