Is this a Virus or a Hoax?

[BrianChernicoff]

I came in today and have received a number of messages from the
postmaster saying the following (Please note that I have changed my
domain name to protect my organizations privacy) :



"Unknown user: (e-mail address removed)

RCPT TO generated following response:
550 No such user - psmtp



Original message follows.

Date: Sat, 30 Jul 2005 22:26:27 -0400
Message-Id: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "Brian Chernicoff" <[email protected]>
Reply-To: <[email protected]>
To: <[email protected]>
Subject: automated response
X-Mailer: <SMTP32 v8.12>
Precedence: bulk

This is a test. "


Like I said there are a number of messages. I ran a Norton scan, I'm
clean. I'm unsure of what's going on.

 

[Diane Poremsky [MVP]]

It's probably both Someone (probably not you) is infected with a virus
that fakes either the addresses or sends a fake NDR...

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)



Join OneNote Tips mailing list: http://www.onenote-tips.net/

 

[BrianChernicoff]

Thank you for your response. Why would someone else being infected
cause my outlook client to send out mail? I could see if I'm infected
but not someone else.

Are you saying that (e-mail address removed) is being spoofed and that I
should disregard it?

 

[Brian Tillman]

Thank you for your response. Why would someone else being infected
cause my outlook client to send out mail? I could see if I'm infected
but not someone else.

Someone else has your address in their address book. That PC is infected
with one of the many viruses that travel through the address book,
extracting random addresses and using them as the sender when they send out
their own spew.

Are you saying that (e-mail address removed) is being spoofed and that I
should disregard it?

When the message with the spoofed sender hits a mail router trying to
deliver to a bogus address, that mail router sends back an NDR to the sender
address: yours. Even though you didn't send it, the mail router answering
can't know that because the only sender address it has is yours.

 

[BrianChernicoff]

Thanks for your reponse, however I figured out what the problem was.
Someone had turned on my out of office message. Since I'm in the IT
Dept. I get messages addressed to the postmaster forwarded to my
account. Here's what happened. Spammers sent messages to the postmaster
which automatically forwarded to me. Since my out of office was on my
outlook kicked back an out of office reply, "This is a test". Since
spammers continuously change their e-mail address when my out of office
went to the email address it was no longer valid therefore kicking back
a delivery failure. I thought it was pretty funny once I realized what
was happening. Talk to you later.