How can a virus get sent, seemingly from my address, to a person I have never contacted?
Thread poster: Todd Field
Todd Field
Todd Field  Identity Verified
United States
Local time: 17:01
Member
Portuguese to English
Jan 19, 2004

Dear colleagues,

I am hoping for an explanation on this one from someone who knows more about how viruses work:

Today my computer sent a virus to someone I had never before seen or contacted. For kicks, and since I only use this computer for translating, I went to see if this person had a profile here at Proz. To my surprise, I found the poor virus recipient: different language pair, name I had never heard, in short, a completely new person who I had never "met" before (and never once exchanged correspondence).

I own Norton Antivirus and scan my computer religiously. I had all updates through last Saturday when the event occurred. To my knowledge this is the first virus ever sent by my computer.

An interesting clue is that all my SPAM comes from European-based domains, and the recipient of this virus is also in Europe. Could there be a relationship?

I am really dumbfounded here… how can my computer email a virus to someone at Proz if I have never exchanged email correspondence with them?

Todd


 
Michele Johnson
Michele Johnson  Identity Verified
Germany
Local time: 01:01
German to English
+ ...
forged? Jan 19, 2004

Are you sure it was sent from your computer? Many of those viruses forge the sender, so it might simply *appear* to come from you. I could have sworn this was talked about on the forums before, but I couldn't find the link.

See e.g. http://www.itd.umich.edu/virusbusters/klez.html
The main features of Klez.E and Klez.H are these:

* It often forges its From: field, so that recipients of email with Klez-infected attachments seem to get it from someone who was not the actual sender (and is not the real Klez victim)

http://andrew.triumf.ca/bugbear/
October 2002 BugBear virus
This virus forges both sender and return addresses. It is pointless to reply to the sender. The TRIUMF mailer trmail is now deleting this virus so you should not normally see it.
The virus finds an old mail message in a mail folder, combines the name and userid with a domain from another message, and uses that as the sender. It then sends itself automatically to other email addresses discovered in the folder and elsewhere.


 
Ralf Lemster
Ralf Lemster  Identity Verified
Germany
Local time: 01:01
English to German
+ ...
Do you *know* it was sent from your computer? Jan 19, 2004

Hi Todd,
Which virus or worm was the cause of the problem?

How did you ascertain that this was actually sent from your computer? Most current viruses (most of them are worms, actually, but that's only a technical distinction) use "spoofing" techniques - IOW the purported sender is almost never the real source.

That's why I'd be interested to know if you detected a sent message, or if the recipient told you that "you" sent it.

Hope this makes sense....

Ralf


 
Magda Dziadosz
Magda Dziadosz  Identity Verified
Poland
Local time: 01:01
Member (2004)
English to Polish
+ ...
How do you know *you* sent a virus? Jan 19, 2004

And to one person only? Usually an infected machine sends out mails to thousands of recipients.

What happened to me once was that members of a certain mailing list received an e-mail which *looked* like it was sent from me (it was not) - we later found out that the virus was sent from the computer of a list member who once exchanged e-mails with me.
It looked like me sending messages to people I don't know, but it was a worm and not even in my machine. It was Klez.E, if I recall correctly.

So, don't worry and check your machine regularly, preferably using more than one anti-virus software.

Magda


 
Andrzej Lejman
Andrzej Lejman  Identity Verified
Poland
Local time: 01:01
Member (2004)
German to Polish
+ ...
Sorry, Magda Jan 19, 2004

Magda Dziadosz wrote:
So, don't worry and check your machine regularly, preferably using more than one anti-virus software.
Magda


You cannot run more than one anti-virus program (as well as more than one firewall) on one machine. The software doesn't work properly then, and the system can even crash.
What you can do, is to DISABLE for a moment the anti-virus software and to use one of the online scanners, available on the Net.
Best regards
Andrzej


 
Todd Field
Todd Field  Identity Verified
United States
Local time: 17:01
Member
Portuguese to English
TOPIC STARTER
Answer to Ralf's questions Jan 19, 2004

Thanks to all for your input thus far.

In answer to Ralf's questions:

- I do not know the name of the virus or worm (I did a full system scan and came up clean)

- I ascertained that it was supposedly "sent" from my computer since the recipient emailed me directly to say that I had "sent" it

I do understand the basics of viruses and how they operate. What baffles me is that the recipient is a Proz member, and one with whom I have never exchanged correspondence of any type... this can't be just a mere coincidence...

Thanks in advance for your ideas.

Todd


 
PAS
PAS  Identity Verified
Local time: 01:01
Polish to English
+ ...
Nasties Jan 19, 2004

The virus may have been sent from another computer. Listen to this:

Some months ago I was away for a few days. I came back, did the e-mail ritual and what did I get? Responses from other e-mail addresses saying an e-mail from _my_ address was rejected because of a virus.
The rejections did not come from any addresses in my address book, but from addresses remotely connected with some of the work I do.
I reasoned the virus was sent from a computer which had my address in it and the addresses which sent the rejections, but not from mine. (After all, I wasn't there to send anything - the computer was shut off and the plug was pulled - something I always do when I go away for more than 1-2 days.)

Go figure. Since that time I also enabled the 'scan outgoing mail' feature in NAV. It slows the sending down, but maybe it will help?

HTH
Pawel Skalinski


 
Henry Dotterer
Henry Dotterer
Local time: 19:01
SITE FOUNDER
I'm guessing the email was spoofed Jan 19, 2004

Since you are running virus software, presumably up-to-date, and do not find anything on your own system, it is most likely that the virus did not actually originate from your computer. The virus has "spoofed" your address, to make it appear as though it was coming from you.

As for the fact that you have not corresponded with the member in the past, the most likely scenario is that someone you have had correspondence with became infected, the virus grabbed your email address from Outlook (Express) on that person's computer, and sent itself to the person who contacted you (for the first time). There may have also been several people acting as the conduit.

That you are both members of ProZ.com is probably just a coincidence.

If you want to confirm all of this, you can ask the infected person to send you the headers from the email he/she received. I can help you decode them if you do not know how.

Of course, you should not open any attachments from the infected person.
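
Added example (not part of Henry Dotterer's post or of the thread): one way to read the headers the recipient sends back, comparing the claimed From: address with the connecting IP that the recipient's own mail server recorded. The sample headers, host names, the `.recipient.example` suffix and all function names are constructed for illustration, and the Received layout matched by the regex is an assumption, since real layouts vary.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (placeholder names; RFC 5737 documentation IPs).
# The bottom Received line is one the sending program could have made up.
SAMPLE_HEADERS = """\
Return-Path: <someone@other.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example with ESMTP id A1; Mon, 19 Jan 2004 09:00:05 +0100
Received: from desktop01 (dsl-45.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Mon, 19 Jan 2004 09:00:02 +0100
Received: from mail.translator.example (mail.translator.example [198.51.100.7])
\tby relay.translator.example with SMTP id C3; Mon, 19 Jan 2004 08:59:50 +0100
From: "Todd" <todd@translator.example>
To: member@recipient.example
Subject: Hi

"""

# Assumes the common "from HELO (rdns [ip]) by HOST" layout; real layouts vary.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_headers(raw):
    """Return the claimed sender and the relay hops, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    hops.reverse()  # each server prepends its line, so the last one is oldest
    return {"from": parseaddr(msg.get("From", ""))[1],
            "return_path": parseaddr(msg.get("Return-Path", ""))[1],
            "hops": hops}

def trusted_origin(info, trusted_suffix):
    """Oldest hop recorded by the recipient's own servers; older lines are unverifiable."""
    for hop in info["hops"]:
        if hop["by"].endswith(trusted_suffix):
            return hop
    return None

def sent_from_known_host(info, trusted_suffix, known_ips):
    """True only if the IP seen by a trusted server is one of the claimed sender's."""
    hop = trusted_origin(info, trusted_suffix)
    return hop is not None and hop["ip"] in known_ips

if __name__ == "__main__":
    info = parse_headers(SAMPLE_HEADERS)
    print(info["from"], trusted_origin(info, ".recipient.example"))
```

The From: and Return-Path: values are whatever the sending program wrote; only the Received line stamped by a server the recipient controls says where the connection actually came from.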


 
Ruben Berrozpe (X)
Ruben Berrozpe (X)  Identity Verified
English to Spanish
Europe's a big place... Jan 19, 2004

Todd and Monica Field wrote:

An interesting clue is that all my SPAM comes from European-based domains, and the recipient of this virus is also in Europe. Could there be a relationship?

Todd


I don't think the area (especially such a big one) has got anything to do with it, honestly. But I tend to agree with the previous postings in that your address might have been used illegitimately to send a virus.

BTW, I used to think that McAfee was a better option than Norton in general terms, at least that was the word around here a couple of years ago. Anyone's got updated information on this? It's because my Norton subscription is about to end in a few weeks, and I'm considering a switch.

Thank you,
Rb


 
Klaus Herrmann
Klaus Herrmann  Identity Verified
Germany
Local time: 01:01
Member (2002)
English to German
+ ...
You are in the address book of someone who has a virus Jan 19, 2004

I think that's the most simple and most likely explanation in this scenario. The virus picked a random address from the address book of the machine it's running on. It's not an uncommon thing for a virus to do.

 
Graciela Carlyle
Graciela Carlyle  Identity Verified
United Kingdom
Local time: 00:01
English to Spanish
+ ...
this is exactly what happens Jan 19, 2004

Klaus Herrmann wrote:

I think that's the most simple and most likely explanation in this scenario. The virus picked a random address from the address book of the machine it's running on. It's not an uncommon thing for a virus to do.


It's just like Klaus says.
Just keep your machine clean and don't get paranoid (that's what people sending viruses on purpose want!).
Good luck!!
Grace.


[Edited at 2004-01-19 23:13]


 
Dorothee Racette (X)
Dorothee Racette (X)  Identity Verified
United States
Local time: 19:01
German to English
+ ...
See this virus description at Symantec Jan 20, 2004

Hi Todd + Monica,

the same thing happened yesterday in a list I belong to, and it turned out the virus actually picks up your address remotely from a server.

Here is more explanation:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]


Dorothee


 

