A client sent an e-mail to a distribution list recently. The email had several attachments. One of the recipients complained that the email had several attachments named "file000.txt" in addition to the original attachments. None of the other recipients expeienced this.
The complaining recipient (for lack of a better term) forwarded the email he received back to us. Sure enough, each of the 3 original attachments had a corresponding "file000.txt" attachment to go with it. I looked at these text files, and they appeared to be basically code for an html document, and they did contain text from the original corresponding attachment. And they had what looked like email header info and this:
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-Virus-Scanned: Symantec AntiVirus Scan Engine
The originating PC is running up to date EZ Armour AV that scans e-mail. Additionally, I ran an online Trendmicro scan and all it found was 35 cookies, no viruses.
What happened here? I am confident we are virus free, and that the original email went out with only the 3 legitimate attachments, and that only the 1 of 5 recipients received these unknown attachments. Because of the municipal gov't setting we are in, a knowledgeable explanation would be beneficial.