Bogus virus emails

Posted on 2004-11-12
Last Modified: 2010-11-11
Can someone explain to me why some of here in this company are receiving emails from people we don't know stating that when we sent them an email it contained a virus?

#1, we have no viruses.

#2, Nobody knows any of these people or email addresses.

Here some examples of one of the emails a lady here at the company just received.

-----Original Message-----
From: Nick [mailto:nick@anyoldplace.COM]
Sent: Friday, November 12, 2004 2:01 AM
Subject: RE: On Site Training


Ok, so if this is how everyone is responding…. Then so be it. If you want the best price on electrical test equipment, IT test equipment, or telephone test equipment. Give me a call directly. I will make sure you get the best pricing. See our web link below for ideas on what we sell I can help you with!


From: [] On Behalf Of Yo Ma Ma
Sent: Thursday, November 11, 2004 2:27 PM
Subject: On Site Training

I'm sure you've received lots of trash emails from Dick. So as Paul shared his areas of expertise, allow me to share mine.

(pissiness from author removed)

-----Original Message-----
Sent: Thursday, November 11, 2004 8:00 PM
Subject: [MailServer Notification]To Recipient file blocking settings matched and action taken.

ScanMail for Microsoft Exchange has blocked an attachment.

Sender =
Recipient(s) =
Subject = Contact list
Scanning time = 11/11/2004 8:00:25 PM

Action on file blocking:
The attachment contact_list5.pif matches the file blocking settings.
ScanMail has Quarantined it.  The attachment was quarantined to C:\Program Files\Trend\Smex\Alert\contact_list541940b292014.pif_., your MS Exchange Hosting provider, has blocked this attachment for your safety. Executable attachments such as this are often used to transmit viruses.

If you are sure that this attachment is safe, please ask the Sender to rename the attachment (e.g.: change "name.exe" to "name.exe.rename") and resend it.

ACTION: contact_list5.pif/Quarantined
SUBJECT: Contact list
TIME: 8:00:25 PM

For more information, go to:

-----Original Message-----
From: JoeMore []
Sent: Thursday, November 11, 2004 8:10 PM
Subject: RE: [MailServer Notification]To Recipient virus found and action taken.

Get me off of your list!!!!!

ScoobyDoo, Inc.

-----Original Message-----
From: [] On Behalf Of
Sent: Thursday, November 11, 2004 5:05 PM
Subject: [MailServer Notification]To Recipient virus found and action taken.

ScanMail for Microsoft Exchange has detected virus-infected attachment(s).

Sender =
Recipient(s) =
Subject = Contact list
Scanning time = 11/11/2004 5:05:25 PM
Engine/Pattern = 7.000-1004/2.244.00

Action on virus found:
The attachment contact_list5.pif contains WORM_NETSKY.S virus. ScanMail has Deleted it.

Warning to recipient. ScanMail has detected a virus.

Any ideas?  The email address of deputydog is someone that has our name, because we do work for him.  Does he have something wrong on his end possibly?  I'm quite sure it is not on our end, but regardless, I must do something to stop this so our company name isn't associated with garbage like this.  Thanks
Question by:caminator
    LVL 18

    Assisted Solution

    Viruses typically spoof e-mail addresses. So you can never rely on the name in the sender field has the person or person's computer that sent you a virus. Therefore you can and will recieve e-mails containing viruses from people you don't know...and sometimes that you do know, but who did not send you the virus.

    While your e-mails you posted are very confusing since it seems you have people responding to virus e-mails thinking the person really sent them the virus.

    When a comptuer is infected with a virus, the virus typically scans the computer for e-mail addresses and uses these to spoof the sender and from fields. So this dgriffin person could have had his e-mail address on someone's comptuer who knows where that had a virus...that virus spoofed the e-mail of dgriffin to look like it came from dgriffin...and somehow along the way the virus also picked up your e-mail addresss. It is just a huge mixing bowl and at any given time anyone's e-mail address could be listed as the sender or reciever of a virus infected e-mail...and there is really nothing you can do besides protect your systems from the virus itself.


    Author Comment

    Geez...what a pain in the butt.  I have one lady that has gotten about 15 emails in the last 2 hours all regarding virus alerts, from different people, but all of them have some relation to this dgriffin person.

    Thanks for the infomation.
    LVL 2

    Accepted Solution

    Unfortunatley because of the spoofing ability, blacklisting addresses and senders will not solve your problem.  The only way to help in this situation is to get some kind of email filtering software.  GFI's mailessentials looks at all incoming messages and scans for viruses and spam content.  There are several products out there that do this.  All of them have a decent price associated with them, but this would be the only simple way to help with your issue.  

    Something a little more complicated would be to examing logs on your firewall and determine the IP addresses of the servers that are sending you these messages.  Odds are they are in some 3rd world country that you would never want to receive messages from anyway.  If that was the case you could block those ips from accessing your mail server and maybe cut down the junk that way.

    Spam/Virus messages are a plague.  The only thing you can hope for is to get good filtering software and NEVER post your email address on any webpages or submit it to any companies for them to sell

    Expert Comment

    Just a thought, but you might not want to post those email addresses for the question.  Those are available free to the web (question that is) and you never know where the loathesome spammers might hide out... I'm sure you don't want any more junk mail flowing to you.

    Author Comment

    Nothing I posted had any or our email addresses in it.  Thanks for the heads up however.  We have another company host our email and website.  They have Spamassasin, which picks up most spam, but apparently there is still plenty getting through.

    We do not do our own email hosting here, so email filtering wouldn't for us.  Unless I am mistaken...?
    LVL 87

    Expert Comment

    A new antispammer method is for the mail server not to accept any mail originating from an unknown user, but to remember that address. If it came from a spammer, he'd try the next time using another sender address, but if the mail came from someone trustworthy, he'll (or his mailserver) will send the message again. If this happens, the server will now now the address and route the message into an folder of the user named "unknown address", or something similar. The User can now decide if this mail is to be trusted or not. If it is he'll enter the address to his trusted addresses, and the next time a message arrives from this client, it will go directly to his normal folder.

    Author Comment

    Rindi:  That sounds interesting.  How would I go about setting that up?  Is it a special program that needs to be running on the mail server, or is it an Outlook setting or something?  Thanks
    LVL 11

    Expert Comment

    I think luv2smile had the right idea regarding WHY.  The solution will be a lot tougher.  You should probably send an ALERT message to all adressees in your databank explaining the local problem, ask them to scan their systems for viruses, and then pass the alert on to the addresses in their address books (but try to limit the forwarding to ONE generation, otherwise you've just created your own mass-mailer!).

    I myself came to work on a Monday and had over 100 mails that weren't delivered - and I didn't even send them.  Fortunately I could find out what provider had sent them forward and called them.  They (a provider!) admitted that a notebook in their firm had been spamming overnight!  You might want to check that the emails complaining are actually coming from people COMPLAINING and not just a fake SPAM message that is being sent out.

    The last company I worked for had this problem for over 90 days and decided to change email addresses for everyone.  It cost a lot, but the problem was solved.
    LVL 87

    Expert Comment

    I've heard of people implementing this, which seems to have reduced spam by 90% (Sorry, the spam isn't actually reduced, it just doesn't reach the users). The problem is I don't know which products I'd need to get hold of, to install it, I'm still researching.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now