Virus? - Does someone i know have a virus

DaithiSurfer

I have 2 hotmail accounts which only my friends know the address of.
Since friday i am getting returns from irish email addresses that i have never heard about telling me that the mail i sent them has a virus.

They show that the mail is indeed from one or other of my hotmail account.
Now the thing is that i havent logged into this account and my PC at home is OFF.

Is it possible that a friend has a virus and it has harvested my email address and is now sending mails to their other contacts (which would explain why they are mostly ie email addresses) and spoofing with my email address that it got from their contacts?

If so how can i find out who has the virus and what the virus is, because this has been going on since Friday.

Looks like it might be the beagle virus, but how the hell do i find out who has it. I'm not happy about viruses going to people with my address on it.

Gerry

Most of the current viruses do mass mailing. This means they look through the address book on an infected machine, and send out emails to everyone, which have spoofed headers to make them look like someone else in the address book, as you guessed in your post. So, more than likely one of your friends has a virus. In hotmail options you can select an option to display full headers on the email. If you look through it, and pick out the ip addresses after "received from", you will see the chain of servers the email went through.

If hotmail received the mail directly from a dialup/dsl/cable address, then you know that machine is infected, as modern viruses come with their own smtp server built in, which means they don't have to worry if a user has a default mailserver or not. ( There is the unlikely case that the user has their own dedicated smtp server, but this is very unlikely for people on dialup/dsl/cable.

Normally, the message would come from an isp's email server, or a webmail providers server, or from a static corporate ip.
If you make a list of these addresses ( the last hop before hotmail ), see if there is a pattern. I.e, see if they are all eircom dsl addresses or whatever, then check which of your friends use eircom. This post is somewhat rushed, feel free to ask for further explanation

kaimera

Since friday i am getting returns from irish email addresses that i have never heard about telling me that the mail i sent them has a virus.

and so it's your fault they opened an email from somebody they dont know? idiots.

DaithiSurfer

Thanks Gerry,
Just checked that and they all came from an ESAT account.
I've emailed my only 2 friends with ESAT accounts (that i know of) so hopefully they'll do a scan and get it.

Mutant_Fruit

Point to take note of: NEVER OPEN E-MAIL ATTACHMENTS.

I wrote that in capitals cos i'm to lazy to make it bold. Unless you are expecting the attachment, don't open it. And if the main body of the e-mail consists of something like "Your document is attached", its a virus.

I got a spoofed one from the NTLWorl team a while back, telling me i abused my account and it was deactiveated, and i was to read the attachment. HAH! as if i was going to do that.

So i sent it back to them, and never got a reply (and my e-mail STILL works) so i assume their anti-virus filter deleted the e-mail.

DaithiSurfer

Thats the beauty of hotmail. Apart from the small space.
At least you know its been scanned when sent and read.
Most of the ones i got though were from companies virus scanning software telling me i'd sent a virus, so they didnt actualy read them.
I've never got one and am always careful. Thats why it pisses me off that my address is on them.

fragile

Originally posted by Mutant_Fruit
..
So i sent it back to them, and never got a reply (and my e-mail STILL works) so i assume their anti-virus filter deleted the e-mail. [/B]

ehm, isn't that just confirming to the spoofer that your email address is a valid one....best to just ignore these mails and use a decent bayesian spam filter

Duffman

Originally posted by DaithiSurfer
Thats the beauty of hotmail. Apart from the small space.
At least you know its been scanned when sent and read.
Most of the ones i got though were from companies virus scanning software telling me i'd sent a virus, so they didnt actualy read them.
I've never got one and am always careful. Thats why it pisses me off that my address is on them.

No, that's the danger of hotmail.. It claims all attachments are scanned for viruses but it failed to pick up Netsky for me a few days ago for example.... Don't trust attachments that are "scanned".

Mutant_Fruit

Originally posted by fragile
ehm, isn't that just confirming to the spoofer that your email address is a valid one....best to just ignore these mails and use a decent bayesian spam filter

No, because i forwarded it to the NTL support team (i verified the e-mail address from the NTL site). I didn't reply to one of those "spam" addresses. I know that much