Getting Undeliverable Mail "returned" to my e-mail

[Gamle-ged]

... that it claims I sent out... but none of the people are in my address book and I've never heard of them.

Is this the "sobig" worm that's spreading? My system is Win 98 and I believe "sobig" infects XP and 2000, so does this mean that someone with one of those systems and with my name on their address book is infected and sending these "returns" in hope I'll open one of those tempting "paper-clip" attachments to see what I "sent"?...

[BigO]

Yet another spam-spreading/virus-spreading tactic.

[flipflop]

I'm getting a few too. Probably someone who has you in their addy book got infected (and it could be thousands of messages removed from you) and it's sending out shit.

Just delete them.

NEVER open any message like that unless you are 100% sure you sent the e-mail.

[Gamle-ged]

A couple of them in the "preview pane," (and yes, I downloaded the "preview pane" bug fix over a year ago!) had the tell-tale mention of "wicked" as in "wicked_scr.scr" and "wicked screen-saver" mentioned in the F-Secure site...

[Lagniappe]

It very well could be the new version thats going around. I left for lunch today and by the time I got back there was a pile up of around 20 infected e-mails waiting for me.

The good news is
1. It is pretty easy to spot
2. It is pretty easy to remove
3. It will deactivate itself on Sept 10th 2003

The bad news is
1. It is spoofing the "From" address which makes tracing it a little more difficult
2. It can download arbitrary files to an infected computer and execute them. The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers on infected computers. This functionality may also be used as a worm self-update feature.

http://securityresponse.symantec.com...reatassessment

Sobig will infect any windows machine except Windows 3.1

[qajariaq]

I got an email today that said an email I sent contained spam in the header (?). The strange part is that I do not know the email address nor have I sent any emails in the past few days!

I hope this is not one of the worms going around. I had problems sending out emails the other day - one kept coming back saying that my message had been stopped because it contained "known spam sources in Recieved: header." WTF??

I use web-based email, and do not open attatchments unless they are from a known source and the file type is actually what they say it is supposed to be. Is there another way to get it?

[sambo]

It's easy enough to see what is going on when you look at the header of one of those emails.

First you will notice your address and you will see he mail server that received your "spam/virus" but then you will also see the IP Address where it originated and the Email Server that it was sent from. You can often see the routers that it stopped at on the way as well.

Armed with that info it is easy to both determine that it is not something that originated from any machine that you use (it's always good to know that it isn't a case of being infected and just not realizing it) and in the event that it is coming from someone that you know, being able to get word to them and help stem the flow of bad emails.

I get this at work all the time and my boss is always telling me that we have some machine or another that is infected and I have to constantly remind him that we are as close to impervious as we can be, but we can't prevent someone or some virus from spoofing us and making it appear to the untrained eye that we are sending out virus replication emails or spam.

Ain't the Information Age Grand?!!!

[Gamle-ged]

Quote:

Originally Posted by lotus_dude

I got an email today that said an email I sent contained spam in the header (?). The strange part is that I do not know the email address nor have I sent any emails in the past few days!

I hope this is not one of the worms going around. I had problems sending out emails the other day - one kept coming back saying that my message had been stopped because it contained "known spam sources in Recieved: header." WTF??

I use web-based email, and do not open attatchments unless they are from a known source and the file type is actually what they say it is supposed to be. Is there another way to get it?

I also got two or three of the "spam in the header" e-mails "returned" yesterday. All together I got about a dozen of these "returned" e-mails yesterday evening, but not a one since. I did read in one of the sites that a particular worm operates only from 7:00 PM on or the like, taking a "from" and a "to" addressee from the infected machine's address book, then sending them out to try to propagate... sounds like going out on a date after work!...

[Lagniappe]

This is the biggest outbreak I've seen here since the last sobig outbreak.

[flipflop]

Quote:

Originally Posted by Lagniappe

This is the biggest outbreak I've seen here since the last sobig outbreak.

You be right on. I've received 8 infected e-mails already today. Thank God for Norton.