My account is getting flooded with "returned mail" messages and notices from Microsoft that my computer needs to download a patch. So I thought at first, I have a virus. I went to open the patch attachment and lo and behold, it _is_ a virus. Someone is actually faking being Microsoft.
Anyway, my account is constantly at critical memory levels due to the huge amount of junk mail. Do I actually have a virus that is causing me to send out messages that bounce, or am I just getting bombarded with fakes? Either way, what can I do about it?
Oh, and for anyone wondering what I look like, I now have a couple of cheesy pics on Foobonic.
Posted by Corwin (Member # 5705) on :
Have you tried blocking the address from which the emails arrive ? Or do they come from many different ones ? If they come from the same domain, though, you still have the option of blocking the it entirely, I think.
Hope it solves your problem, I know it's quite annoying to have to quit using an email account, especially your "main" one...
Just thinking: could you write to Microsoft and tell them that they're beeing impersonated by someone ? That might stop it...
Posted by Jexxster (Member # 5293) on :
Hmm, first off whay type of email is it? Is it a web based only (eg, Hotmail or Yahoo) or do you access it via a desktop program (eg. Outlook, Outlook Express, Eudora, IncrediMail)? Either way, the best thing to do is to act prophylactically.
Do you have a virus scanner on your computer? I use Norton AV, so am most familiar with it. You should have it set to always be on. Also you can have it set to scan all outgoing mail which should prevent you from sending out a virus to other people. If you don't have an AV program, get one as soon as possible. Also, make sure it is up to date as possible. Norton can automatically update itself when there are updates, or you can do it manually. Run a full system scan after making sure that it is as up to date as possible. Also, make sure that you run Windows Update and that you have all the critical updates.
Chances are good that you don't have a virus. I have received numerous emails telling me I was trying to send a virus to someone else, but it turned out that people with my address in their address book were the infected ones.
Oh, also, if you don't have an AV program at the moment, get McAfee's Stinger. While not comprehensive, this will scan for about 30 of the most common recent viruses.
Hope that helps.
Posted by Julie (Member # 5580) on :
If you have AOL then forget it. I was having that problem and the version that I had at the time made it almost impossible to deal with so I now use yahoo. Annoying to switch, but yahoo seems to do a much better job about junk mail. Also, do you list your e-mail address at any websites you use? Some people might be reading your address there and sending you junk mail because of that.
Posted by Jexxster (Member # 5293) on :
One other suggestion (and I think everyone should do this).
Get a hotmail account or something similar that you use specifically for spam. Have one or two accounts that you only give out to actual people, and another one that is just a junk account, to give out to websites, all that junk. Then just leave that one alone.
I have a hotmail account that I use for that purpose and I have the junk mail settings set on maximum. It gets spammed, but I just go in every once and a while and just delete everything in it. My other accounts I only give to people I want to email me.
Posted by Kayla (Member # 2403) on :
Macc, you could have a virus that is causing it, but it's also possible that someone cloned your addy and is sending them out. I found out someone did that to me when I got a bounce back. I also got an e-mail from. . . I can't remember where now, but it was a college or something, saying I might have a virus because I e-mailed them something with an attachment that their e-mail virus checker said had a virus. I never sent them an e-mail. I forwarded it all to my ISP who said it looked like I had been cloned and that I should run . . . can't remember that either, to see if I had a virus, just to be sure. I ran the virus thing and didn't have one, and I'd already gotten both patches from Microsoft. From now on, if you get an e-mail like that, don't click on anything. First, go to google or something and check out the information. You should be able to find the same information from there and if you can't, there's a problem. This way, you can get the correct information without the risk of clicking on a link. Just my 2 cents.
Posted by slacker (Member # 2559) on :
You can always try to set up a filter that deletes any file attachment that ends in *.exe (and the other virus-prone attachments).
Posted by Tristan (Member # 1670) on :
I haven't got the virus myself, but I've heard that the bounced mail messages are fake and only designed to get you to open the attachment in an attempt to remember what you'd sent. If you clicked on the attached file chances are that your computer is infected and you ought to take steps to get rid of it.
[ September 21, 2003, 01:55 PM: Message edited by: Tristan ]
Posted by Storm Saxon (Member # 3101) on :
I would bet all my money on her return address being cloned by a spammer. It's fairly common. If that's the case, you can kiss that email account good bye--or at least, leaving it open to all email addresses. Posted by Maccabeus (Member # 3051) on :
It appears that I don't have a virus...it's the people I'm getting messages from that are infected. And I have not opened the attachment--my anti-virus program stops it from opening if it detects anything.
I will try and find a way to block stuff, but it is hotmail, so wish me luck.
Posted by Jexxster (Member # 5293) on :
Best of luck Macc, but I would seriously suggest scrapping that email addy all together. Use it solely as a spam-allowed address and set up a new account for actual correspondence.
Edit: From my personal experience once a hotmail account starts getting hit with stuff you might as well kiss it goodbye.
[ September 21, 2003, 03:29 PM: Message edited by: Jexxster ]
Posted by Maccabeus (Member # 3051) on :
Jexxster, I've already had a rash of spam and recovered from it (though it appears the real end of the spam didn't come until the blaster worm...hmm, I wonder...). Since this stuff is purely virus-generated and is overloading me not with volume but with large message size, I'm hopeful that is will pass.
Posted by Lead (Member # 918) on :
The Swen worm is an ugly one, even if you aren't infected. Those of us first hit were all had addresses harvested from public usenet newsgroups (or in my case, from sff.net newsgroups that someone had published to a usenet server, which is against the sff.net rules). Many of us post to public forums and newsgroups (and anywhere online) with addresses used solely for this purpose, so we were able pretty quickly to determine where the addresses had been harvested from. I deleted a few thousand copies of this worm mail between Thursday evening and Friday evening. Late Friday, when it had reached over 100 per hour and was decidedly hindering my regular mail traffic and the ability to get work done on the computer (because it was busy downloading and virus scanning/blocking all these damned things), I started filtering them on the server side. This is one of the biggest benefits to having my own domains and having some control over the server they're on. I set up filters on the server and now I at least don't have to download them all. They're just being scrapped on that end.
Unfortunately, this sort of thing does affect the servers that have to move all the traffic. I was by NO means one of the hardest hit, and this was still the worst problem I've ever had with such a virus or worm. Technicians trying to deal with the traffic on a server level have reported 5, 10, or more, copies per SECOND hitting servers. This is precisely the sort of thing that cripples traffic. All these hundreds of thousands of copies of this stupid thing have to be moved around the networks, and they have to be filtered, eating up system resources as well as man-hours.
I strongly recommend using "disposable" email addresses for anything where you have to give out your email address online or to a company. (Heck, by doing this, I've nailed a few companies I was doing business with for giving out my contact info to marketing lists, because I knew exactly where I had used a specific address.) Keep one address for "real" email, giving it out only to actual people. Never put it into any online form, anywhere. I have a few addresses I do this with, and they never gets any spam at all.
After the first wave of the emails claiming to be from Microsoft, which include the worm, there are two other waves to this damned thing. One is "bounce messages" coming back to you because your address was spoofed in the "from" field for sending out the virus (meaning that someone had your email address in an address book, or a msg you had posted on a newsgroup was loaded in their news reader, or a page from a website that had your address on it was cached in their system). The other wave is from well-meaning, but annoying, people who have automatic systems sending out reply emails (again, your address has been spoofed) telling you you have sent them an email which contained a virus. I have gotten almost as many of these second two types of mail as I have actual virus copies -- thousands. The whole mess is annoying as hell.
And lastly, of course, never click on the damned attachement. From what I'm hearing from technicians who have had to clean infect systems, this one is much more difficult than usual to get rid of, and may, for some people, require professional assistance. Myself, I'm just about to stop accepting any attachments at all, from anyone. I may just start screening out attachments on the server side, and anyone who needs to get me a copy of something will have to FTP it to me. Or maybe I'll just filter out everying but archive files. I'm not sure yet.
~~~Lead
Posted by Kayla (Member # 2403) on :
Wow, I only got one bounce back and that one e-mail saying that an attachment (I never sent) had a virus. Guess that's the best way of knowing I was never infected.
Posted by Lead (Member # 918) on :
Hehe, Kayla, I wasn't infected either. I was just unfortunate enough to have used a working (if meant for this purpose) email address online in a spot that was harvested for direct attack from this particular worm. Actually, of the people I've seen hit the worst, none were actually infected. This is one of those instances where it isn't "just" the people who open the attachment that are suffering. I feel most for network administrators having to tend to servers which are being hard hit by the traffic.
~~~Lead
Posted by Túrin (Member # 2704) on :
::I went to open the patch attachment and lo and behold, it _is_ a virus. Someone is actually faking being Microsoft.::
Microsoft *NEVER* e-mails people executable files! To patch or update Windows, you go to their website. An .exe from Microsoft is like a "You may have won 10 million dollars" from the UNIBOMBER.
Posted by Maccabeus (Member # 3051) on :
I would doubtless have realized that Microsoft wouldn't send me a patch. However, I normally check e-mail first early in the morning when I arrive from work. Often I am half-asleep and my judgement is a bit impaired.
![[Frown]](frown.gif)