Stanford University School of Earth Science
 
Home
News
New Users
Policies
Email
   Service Ends 11/1/07
   Who Gets Email?
   Switching Email
   Already Forwarding?
   New Accounts
   Closed Accounts
   Group Accounts
   Special Aliases
   Transferring Email
   Address Updating
   Table of Forwarding
   Pine @stanford.edu
   Messages to All
Network File Server
Web Hosting
Get Help
Net Connections
Macintosh
Windows PC
Unix/Linux System
Pangea Server
School Resources
Using Unix

Why am I getting notices about viruses found in email from me that I don't remember sending?

Last revision May 12, 2005

If you use a Windows PC with a PC based email program such as Eudora or Outlook, then it is possible that your PC is infected with an email virus. These viruses are programmed to send copies of themselves to every email address they can find on your PC. This happens "in the background" without you even noticing it. The first notice you may get that something is wrong is when another site sends you a message that a virus was found in email you sent, or that email you sent was undeliverable, but you don't remember ever sending those emails.

If you suspect that your Windows PC is infected with an email virus, you should run a full antivirus scan of your entire hard disk, which can take 30 to 60 minutes or more. If you don't have antivirus software installed on your PC, or think it may be out of date, then install the site-licensed copy of Symantec Anti-Virus from the Essential Stanford Software web site, use its LiveUpdate feature to get the latest virus definitions, and then perform a complete scan of your entire hard disk. This program should find and remove the virus from your PC.

It is also possible that there is no virus on your computer, and in fact, that your computer never sent that email which other sites are complaining about. You may be the victim of a form of "identity theft" where some other infected PC sends out those virus-laden messages but makes it appear that they are coming from you.

If you use a Macintosh computer to read email, or use a Unix program such as pine, your computer can not be infected with email viruses, which are specific to Microsoft Windows. So in this case, if you get notices of viruses in email you supposedly sent, then you definitely are the victim of this type of identity theft. This is also likely if you use a Windows PC, which can be infected, but your antivirus scan found nothing.

It is incredibly easy to falsify the return address on an email message. Email virus programs that are continually being released on the Internet routinely take advantage of this fact to disguise their origins. An email virus running on an infected Windows PC scans files on the PC to find email addresses. It sends copies of itself to those addresses, in an attempt to infect more PCs. But it also randomly inserts one or more of the email addresses it finds into the From: (return) address field of the email messages that it sends. This makes it look like the email is coming from someone else. That someone else could be you!

If you ever communicated with someone whose PC gets infected by one of these viruses, or even sometimes if you are on a common email list with that person, whom you may not even know, your email address may be used by the PC virus as the From: (return) address when it sends out copies of itself. In this case, you will be the one who gets notices from other sites complaining about the viruses in the email they have received, or complaining that they cannot deliver that email.

What can you do about this "identity theft"? Nothing. Ignore these messages. If anyone complains to you that your computer is sending email viruses to them, explain that you either do not use a Windows PC and thus cannot be the source of these viruses, or that you have completely scanned your Windows PC and found none. Tell them to look carefully at the full headers of the messages to find the true originating computer, which will show in the earliest dated Received: header line.

 


Comments?

Stanford University    |