Also see: anti-virus measures
This item is a special feature of the ROGUES GALLERY OF SUSPICIOUS E-MAILS
Mail Returned virus messages
You receive a message which says "Mail Subsystem: Mail Returned" or some such thing. Looks like you sent a message and it failed to be delivered. But did you really send it? Here's the problem:
If someone called themselves "Mail Subsystem" and sent messages saying "Returned Mail: Service Unavailable", it would LOOK like a proper mail-returned error message. It's a cunning way to disguise a virus!
What happens is that if you receive a strange-looking mail returned message, your natural instinct is to investigate it, for example by opening the attachments... DON'T! There may be a virus in there, and you might not be able to tell, unless you have taken the precautions described at the anti-virus measures page.
Anyway, here's an example of the sort of thing:
<attachments: ATT00071.dat (342 bytes) Fw: Joke Love to ur Lovers :-) (31.7KB)>
----- Original Message -----
The original message was received at Mon, 28 Oct 2002 06:50:01 -0500 (EST)
from logs-mtc-th.proxy.aol.com [126.96.36.199]
To me, it's a dead giveaway this is a virus and not a genuine mail returned error. The address accused of sending the message this refers to, "add-a-cat", cannot in fact send messages at all. It's a receive-only address on the page of categories, and the address has been harvested by the computer of some unwitting person whose computer has already caught the virus.
How to avoid being caught out:
If you can, have separate receive-only e-mail addresses for incoming public-access. That way it's easy to spot these bogus messages, as you know the accused address could not have sent anything!
Or, even if you can't get an "infinite e-mails" facility...
1. Never run an attachment in a "mail returned" message.
2. Don't leave "hide file extensions" switched on, and don't allow ActiveX in e-mails.
3. Try to keep track of messages you have sent, so that any messages reporting "returned" have to match actual messages which you have sent.
4. See www.zyra.org.uk/avirus.htm
5. Lobby your ISP to find a better way of expressing the mail not delivered concept. The inclusion of old e-mails in attachments is bad form! The problem isn't exclusive to AOL.
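The receive-only address tip and step 3 can be checked automatically. The following is an added example, not part of the original page: it tests a "mail returned" message against a log of Message-IDs you really sent and a list of receive-only addresses, and flags runnable attachments. The function name, the log, the example.org domain, the extension list and the sample message are all assumptions made for illustration.

```python
import email
from email import policy, utils

# Constructed sample data (not from the original page); example.org is a placeholder.
SENT_IDS = {"<20021027.0001@example.org>"}   # Message-IDs you really sent
RECEIVE_ONLY = {"add-a-cat@example.org"}     # addresses that never send
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")

def check_bounce(raw, sent_ids=SENT_IDS, receive_only=RECEIVE_ONLY):
    """Return reasons a 'mail returned' message looks bogus (empty = plausible)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons, quoted_ids = [], set()
    # A bounce accuses its own recipient of having sent the failed mail.
    accused = {a.lower() for _, a in utils.getaddresses([str(msg.get("To", ""))])}
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"runnable attachment: {name}")
        if part.get_content_type() == "text/rfc822-headers":
            part = email.message_from_string(part.get_content(), policy=policy.default)
        # Any non-root part carrying a Message-ID is the quoted original.
        if part is not msg and part["Message-ID"]:
            quoted_ids.add(str(part["Message-ID"]).strip())
    for addr in sorted(accused & receive_only):
        reasons.append(f"{addr} is receive-only and cannot have sent mail")
    if not quoted_ids:
        reasons.append("no original Message-ID quoted")
    elif not quoted_ids & sent_ids:
        reasons.append("quoted Message-ID is not in the sent log")
    return reasons

SAMPLE = """\
From: Mail Subsystem <postmaster@mail.example.net>
To: add-a-cat@example.org
Subject: Returned Mail: Service Unavailable
Content-Type: multipart/mixed; boundary="b1"

--b1

The original message was received at Mon, 28 Oct 2002 06:50:01 -0500 (EST)
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="joke.scr"

AAAA
--b1--
"""

if __name__ == "__main__":
    print("\n".join("SUSPICIOUS: " + r for r in check_bounce(SAMPLE)))
```

An empty result only means the message is consistent with something you sent; the attachment rule in step 1 still applies.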
Also see ANTI-VIRUS SOFTWARE which may help to clear viruses in your machine, and to TEST to see if you are safe!