Computer dudes please help.....



Terry Hatfield
07-31-2004, 12:15 PM
I'm getting mail from an ISP saying that mail that I sent was returned because it had a virus. Supposedly the mail was sent this morning at 9:11 a.m. I never sent the mail in the first place. I was in the shop working at that time. I have Norton and ran it just last night. I also have Ad-aware and ran it last night also. The virus it says the email contained was I-Worm.Bagle.z.

Help!!!!

Thanks,

T

Don Abele
07-31-2004, 12:23 PM
Terry, I have seen this time and time again. You did not send the message. You must be using a major ISP and your return address was "hijacked". Basically they are putting your e-mail address as the return address and even using the ISP's server to bounce the mail where they want. ISPs usually catch on, but not before thousands get sent. In my case, my email address begins with abe...so I'm at the top of the list and get hit a lot. My ISP (Cox) says there isn't much I can do. When I set up their server side spam filter it got rid of all those odd messages.

Hope that explains it.

Terry Hatfield
07-31-2004, 12:32 PM
Doc,

It's just one mail here and one mail there. Maybe about 3 or 4 in the last few days. Perhaps there are many more that are getting caught by AOL. Only one today, but it went to someone I wish it hadn't.

I assume from your explanation that there is nothing I can do to stop this from my end???

t

John Miliunas
07-31-2004, 1:44 PM
I assume from your explanation that there is nothing I can do to stop this from my end???

t

This ain't "Doc", but ditto to what he said and what you have surmised. I have spam filtering at the server end, as well as at my own email client end and *still* get garbage like that from time to time. :mad: Ignore it. Until someone comes up with some application using some type of "fuzzy logic" to clean all that crap up, we're pretty much stuck with it. :cool:

Brian Austin
07-31-2004, 3:01 PM
Here's the basic version of how it works:

1. A PC gets infected with the worm, generally by opening something that shouldn't be opened and not having an up-to-date antivirus system in place.

2. The worm scans the local hard drive of the infected PC for e-mail addresses. It finds the e-mail addresses in the local PC's address book, in various files and from visited web pages that are cached locally (i.e. Temporary Internet Files). It tucks them away in its own database.

3. Using the e-mail addresses, it sends out e-mails that are infected using other e-mail addresses as the source address (called spoofing). When one of the targets gets the e-mail, it looks like it came from someone different than who it actually came from.

4. The target computer's antivirus system may send an e-mail back to the sender saying "this was refused since it's infected". But the sender listed in the e-mail never actually sent the e-mail so now THEY think they're infected.

5. The target e-mail address may also be an invalid address (generally to avoid spam or old e-mail addresses). So the 'bounceback' message gets sent to the listed sender...who didn't send the message in the first place, further confusing him/her.

Yes, there is nothing you can do about it. You're not at fault and those in the know are aware of what the real story is behind it all. If anyone comes back to you and says you sent them a virus (usually because they're NOT in the know on how this stuff works), copy this and send it to them.

Rich Konopka
07-31-2004, 4:12 PM
I'm getting mail from an ISP saying that mail that I sent was returned because it had a virus. Supposedly the mail was sent this morning at 9:11 a.m. I never sent the mail in the first place. I was in the shop working at that time. I have Norton and ran it just last night. I also have Ad-aware and ran it last night also. The virus it says the email contained was I-Worm.Bagle.z.

Help!!!!

Thanks,

T
Terry:

If you are running XP or 2000 make sure you have updated the latest patches from Microsoft. I had one of my XP machines get a virus and my network guys called me and told me I was sending out junk. I updated the latest Windows update and it stopped.

Dennis Peacock
07-31-2004, 4:32 PM
I'm getting mail from an ISP saying that mail that I sent was returned because it had a virus. Supposedly the mail was sent this morning at 9:11 a.m. I never sent the mail in the first place. I was in the shop working at that time. I have Norton and ran it just last night. I also have Ad-aware and ran it last night also. The virus it says the email contained was I-Worm.Bagle.z.

Help!!!!

Thanks,

T

My neighbor has some "de-wormer" that you could shove in your CDROM drive and see if that would help.!!! :eek: :D :D

Sorry....just couldn't pass that one up. :p ;)

Billy Reynolds
07-31-2004, 4:51 PM
And you call Dennis "your buddy".?????? :p :p :p

Don Abele
07-31-2004, 7:31 PM
Terry, with AOL, it's one of the big 3 so it gets hit a lot with these things. Unfortunately so do the small guys, just not to the same scale. There really isn't much to do other than set up a server side spam filter which will cut some of this garbage out of your inbox. The reason you only get it occasionally is that's when the smarta$$'s out there are sending - they don't want to do it every day, it's easier to catch them.

Brian, what you describe is indeed an e-mail worm. This can also be run through a trojan (a file or program that you run and think is harmless, but has a "buried" virus) or even a Java or ActiveX application on a web page. In fact, there are a lot of ways of doing it. But, in what Terry is describing, this is a scam to make it appear he is sending e-mail when, in fact, they are not coming from his computer. This is easily identified by looking into the e-mail header for the IP address from which the mail was sent - it won't be Terry's. In fact, most of the times it is either the main IP for the ISP or is blank/invalid. There are many programs that let you do this.

As the internet is an international entity, this sort of thing is hard to prevent. People from anyplace in the world can "bounce" e-mail off of servers anywhere else in the world. So even if the US outlawed it, then all they'd have to do is bounce it off of a foreign server and no one would be the wiser. I agree this is a royal PITA. As our technology gets better (mousetrap) they will just invent a better mouse.
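The header check mentioned in the post above, as an added example that is not part of the original thread: it reads the Received lines of a returned message and tests whether the connecting IP belongs to the person named in From. The sample headers, the example domains and the 192.0.2.0/24 "sender network" are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the infected message as quoted in a bounce.
# Names and addresses are made up (example domains, documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mail.recipient.example with ESMTP; Sat, 31 Jul 2004 09:11:40 -0500
Received: from unknown (HELO aol.example) (203.0.113.77)
\tby mx.recipient.example with SMTP; Sat, 31 Jul 2004 09:11:32 -0500
From: terry@aol.example
To: someone@recipient.example
Subject: Re: document

"""

# Client IP as servers usually record it: "[1.2.3.4]" or "(1.2.3.4)".
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_ips(raw):
    """Client IP of each Received hop, oldest hop first (None if absent)."""
    msg = email.message_from_string(raw)
    ips = []
    # Each server prepends its line, so the last Received header is the oldest.
    for hop in reversed(msg.get_all("Received", [])):
        flat = " ".join(hop.split())            # undo header folding
        match = IP_RE.search(flat.split(" by ", 1)[0])
        try:
            ips.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:                      # e.g. "999.1.1.1"
            ips.append(None)
    return ips

def came_from(raw, sender_networks):
    """Return (origin_ip, True if origin lies in the claimed sender's networks)."""
    ips = received_ips(raw)
    origin = ips[0] if ips else None
    if origin is None:
        return None, False
    nets = [ipaddress.ip_network(n) for n in sender_networks]
    return origin, any(origin in n for n in nets)

if __name__ == "__main__":
    origin, match = came_from(SAMPLE, ["192.0.2.0/24"])  # assumed sender range
    print(f"origin={origin} matches_claimed_sender={match}")
```

Only the hop written by the receiving server itself is trustworthy; any Received lines beneath it were supplied by the connecting machine and can be forged.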

Terry Hatfield
07-31-2004, 10:05 PM
Thanks everyone!!!! I appreciate all the help. I'm still computer stupid here you know.

Especially thank you Dennis. :rolleyes: :rolleyes: :D


t

Brian Austin
08-01-2004, 1:58 AM
But, in what Terry is describing, this is a scam to make it appear he is sending e-mail when, in fact, they are not coming from his computer. This is easily identified by looking into the e-mail header for the IP address from which the mail was sent - it won't be Terry's. In fact, most of the times it is either the main IP for the ISP or is blank/invalid. There are many programs that let you do this.
As an administrator at a small business with offices in three states, I'm very familiar with this sort of thing. I deal with it every day. I also have a fairly extensive background in network security. I get the honor of breaking into systems to fix them (fun!).

Without a copy of the e-mail for us to look at, it's impossible to tell if it's legitimate or fake. I can probably read you the fake one verbatim, I've seen it so many times.

The e-mail he rec'd could also be a response from an automatic scanning system for an ISP. Many ISPs have these in place now, both as a feature for their customers and to save them the hassle of recovering a flooded router that can't handle the traffic from these worms/trojans/viruses (btdt at Globalcrossing during the Yahoo DDOS attack in 2000). My own e-mail server antivirus system offers this feature. I choose not to use it due to the 200+ viruses a day we receive.