Dear colleagues Such warning messages can be genuine although mistaken - an email containing the worm or virus described may well really have been received, though *not* sent from the stated address (i.e. one's own).
This happens because (among various other mechanisms) malware of this type can harvest email addresses from the address book of an infected PC and then launch multiple copies that spoof those addresses as the supposed "sender" addresses. In such cases the declared "senders" have no involvement other than misuse of their names and addresses, so there's little they can do but stoically delete the patronising automatically-generated messages sent back by target mailserver systems. I know this only too well - having had the same well-publicised email address for a fair number of years, I frequently get accusatory automatic replies concerning emails that I never sent, to people I have never heard of, and with timestamps when my email-connected machine was offline or powered down. Seeing that my email machine also lives behind our university firewall and, in particular, that deliberately I *don't* run a mailer or operating system that's a target for current viruses/worms, I'm pretty confident that these non-delivery messages and warnings are *not* triggered by anything sent from my machine. But they keep coming just the same. What action can one take? After verifying that one has not actually sent the message and that one's system is indeed clean, there is essentially nothing further that one can do, other than be wary of sending a "reply" claiming that the "sender"'s system is infected, which only serves to further the virus-writer's aims of spreading unrest and confusion. This applies particularly within user communities such as us rietvelders, where it can easily happen that the virus captures such an address list, then mails itself to one of the members claiming to have been sent by another one. It's best to assume that nothing claimed by a piece of malware is to be relied on. With best wishes Robin Shirley On 26 Jul 2004 at 13:39, Peter Zavalij wrote: The message Srebri is referring to is a hoax or virus itself (at least it looks this way). It's getting harder and harder to distinguish what is real and what is not especially in the virtual reality world. For example this message could be hoax as well and I am not sure there is an easy cure for this. Peter Zavalij University Crystallographer Institute for Materials Research and Chemistry Department Binghamton University, SUNY, Vestal Pkwy, East Binghamton, NY 13902-6000, USA Tel: (607)777-4298 Fax: (607)777-4623 E-mail:[EMAIL PROTECTED] http://materials.binghamton.edu/zavalij -----Original Message----- From: Srebri Petrov [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 1:25 PM To: [EMAIL PROTECTED] Hi Are you sure that my computer is affected? I did not have any problems so far reading and sending my e-mails. However, I couldn't read the attached file as it appears with strange signs in Notepad. I am willing to help if I can assist you regarding this matter. Could you provide more detailed info regarding how it happens? Sincerely Sr. Petrov /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Dr. Sr. Petrov, PXRD Analyses, Dept. of Chemistry, University of Toronto Tel/Fax: (416)-978-1389. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 26, 2004 1:00 PM > Dear user of ill.fr, > > Your email account was used to send a huge amount of spam during this > week. Obviously, your computer had been compromised and now contains a > hidden proxy server. > > Please follow the instruction in the attached file in order to keep > your computer safe. > > Best regards, > The ill.fr team.
