Trojan or Address Spoofing?

Just received a message from
Network Associates Webshield - e-mail Content Alert

Stating that:

"The email server, viruswall3.fullerton.edu, did not deliver the message
from
[my email address] to <helpdesk@exchange.fullerton.edu> with the subject
"Re: Excel
file" because the message contains 1 or more files with ".pif"
extension(s)".

I never sent any such email. I've read of others receiving a virus in the
form of an excel.pif file. Does this indicate that I have some type of
trojan sending such email without my knowledge or someone spoofing my
address? Running XP with Norton Internet Security.

"Mark" <granmark@DELETEyahoo.com> wrote:
> Just received a message from
> Network Associates Webshield - e-mail Content Alert
>
> Stating that:
>
> "The email server, viruswall3.fullerton.edu, did not deliver the message
> from [my email address] to <helpdesk@exchange.fullerton.edu> with the
subject
> "Re: Excel file" because the message contains 1 or more files with ".pif"
> extension(s)".

> I never sent any such email. I've read of others receiving a virus in the
> form of an excel.pif file. Does this indicate that I have some type of
> trojan sending such email without my knowledge or someone spoofing my
> address? Running XP with Norton Internet Security.

Nope, most likely its a mass mailer, and someone with your email address in
their address book has been infected.

The WebShield products allow you to block by (single and/or double)
extension, so the people who received the mail are basically blocking .PIF
at the gateway, and sending a mail back to tell the apparent author why the
mail did not get through. If it had not been blocking by extension before
scanning, you would have probably been told what the virus was - however the
rejected the mail purely on extension.

In your case and in today's climate of NetSky and its mates, it *sounds*
like your email addy has been spoofed, so you are the one getting the alert
back, not the truly infected machine.

However, it does not harm to make sure your own Antivirus is bang up to
date, and to scan you local machine to make sure it is not you.

Cheers,

..\/.artin

It's so annoying. I awoke to no less than seven angry emails this morning
berating me for sending them an infected file.

*sigh*

Becky

"Wrangler" <Wrangle@nowhere.com> wrote in message
news:405c8424$0$3309$cc9e4d1f@news-text.dial.pipex.com...
> "Mark" <granmark@DELETEyahoo.com> wrote:
> > Just received a message from
> > Network Associates Webshield - e-mail Content Alert
> >
> > Stating that:
> >
> > "The email server, viruswall3.fullerton.edu, did not deliver the
message
> > from [my email address] to <helpdesk@exchange.fullerton.edu> with the
> subject
> > "Re: Excel file" because the message contains 1 or more files with
".pif"
> > extension(s)".
>
> > I never sent any such email. I've read of others receiving a virus in
the
> > form of an excel.pif file. Does this indicate that I have some type of
> > trojan sending such email without my knowledge or someone spoofing my
> > address? Running XP with Norton Internet Security.
>
> Nope, most likely its a mass mailer, and someone with your email address
in
> their address book has been infected.
>
> The WebShield products allow you to block by (single and/or double)
> extension, so the people who received the mail are basically blocking .PIF
> at the gateway, and sending a mail back to tell the apparent author why
the
> mail did not get through. If it had not been blocking by extension before
> scanning, you would have probably been told what the virus was - however
the
> rejected the mail purely on extension.
>
> In your case and in today's climate of NetSky and its mates, it *sounds*
> like your email addy has been spoofed, so you are the one getting the
alert
> back, not the truly infected machine.
>
> However, it does not harm to make sure your own Antivirus is bang up to
> date, and to scan you local machine to make sure it is not you.
>
> Cheers,
>
> .\/.artin
>
>