Avast WEBforum

Other => Viruses and worms => Topic started by: craymond on September 08, 2003, 08:48:19 AM

Title: Do I have a virus?
Post by: craymond on September 08, 2003, 08:48:19 AM

Tonight I've received over 50 e-mails from my "Mail Delivery Subsystem", each containing a message from AOL that my "e-mail is being returned" because of undeliverable AOL addresses.  (See sample below.)  All of the 50 have a return address that's on mydomain.com, but those addresses are not valid.   In other words, it appears that someone is spoofing me by sending spam from  multiple non-existant addresses@mydomain.com.   (I've told the POP server to forward all incorrectly addressed mail to my main address, which is why I'm seeing all these failures. What I'm really concerned about are all the ones that are NOT failing, and who now think that my domain is a spammer.)
Two questions:  
1) Could a virus have caused this?
2) What can I do to stop it?

Thanks for any advice,
Cliff Raymond

-----------------
The original message was received at Mon, 8 Sep 2003 01:54:55 -0400 (EDT)
from rly-xi05.mail.aol.com [172.20.116.10]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



   ----- The following addresses had permanent fatal errors -----
<jgjr195840@aol.com>
<bassfly357@aol.com>
<jcolvert@aol.com>

   ----- Transcript of session follows -----
... while talking to airmail-04.mail.aol.com.:
>>> RCPT To:<jcolvert@aol.com>
<<< 550 MAILBOX NOT FOUND
550 <jcolvert@aol.com>... User unknown
>>> RCPT To:<bassfly357@aol.com>
<<< 550 MAILBOX NOT FOUND
550 <bassfly357@aol.com>... User unknown
>>> RCPT To:<jgjr195840@aol.com>
<<< 550 MAILBOX NOT FOUND
550 <jgjr195840@aol.com>... User unknown

Title: Re:Do I have a virus?
Post by: Pavel Baudis on September 08, 2003, 09:16:38 AM

Many "modern" viruses could forge the sender's address - see my answer here: http://www.avast.com/forum/index.php?board=4;action=display;threadid=1048;start=msg5635#msg5635 .

So this does not mean you are infected.

Quote

1) Could a virus have caused this?

Of course yes, but not on your computer :-)

Quote

2) What can I do to stop it?

Nothing... Just ignore the messages. Their flood should stop after some time!