| || || |
| Is There a Virus or Worm Affecting Your System? |
Answered by: Conrad Richter
Question from: Dr. Corinne Leek
Posted on: April 29, 2004
I am emailing to inquire if you had sent an email with the subj header "Incoming Msg". It also had an attachment "Joke.cpl". If you did not, perhaps you’d best check for a virus or worm affecting your system.
Just an FYI as I had not emailed for any info from Richters for quite some time.
I can assure you that the message did not come from us. If you check the full header of the message, you will find that it came from an IP address different from ours. Our IP address is 220.127.116.11 and any message that came from a different IP address didn’t come from us.
The message you received likely is what is called a "spoofed" message and the current crop of viruses are famous for those. What happens is: on an infected computer somewhere on the Internet the virus goes through the infected computer’s files and harvests email addresses. Then it sends out infected messages to those addresses. But -- and this is the key germaine here -- the virus also replaces the "From:" address with one of the harvested messages, making it seem like the message came from that "spoofed" address.
We are certain that we are not the actual source of the message because our email software simply cannot run the viruses. So, even as we receive infected messages from other computers on the Internet like everyone else, those infected messages cannot run their payload on our computers.
I hope that this helps explain why you received that message with the "joke.cpl" attachment. The address spoofing viruses and worms are a serious problem, and they have caused much confusion over who is the actual source.
Whenever you are in doubt about a message, it is worth looking at the full header. Most email programs will let you do that. Once you become familiar with the information in the header, you will have another very powerful means at your disposal for determining the authenticity of email messages.