My computer might have a Trojan, now what?
October 5, 2008 1:30 PM Subscribe
It's become apparent that my computer may have a Trojan. I just received a Returned Mail notice for mail I never sent, which instead of displaying my name it displayed "jasen kimberly," and was sent to a strange russian email address: munsov@pobox.spbu.ru. I'm concerned that this may be the result of a trojan "phoning home," or using my computer to send spam.
Best answer: Spam will sometimes spoof other people's addresses as the "from" field of the e-mail. This means that they still get their message out to some unsuspecting individual when the mail bounce message goes to you. I get return mail notices for mail accounts that I only check via a terminal (and thus couldn't possibly have trojans). I wouldn't get too worried as long as your computer isn't acting weird and your antivirus stuff looks OK.
On preview, what jrockway said.
posted by rivenwanderer at 1:38 PM on October 5, 2008
On preview, what jrockway said.
posted by rivenwanderer at 1:38 PM on October 5, 2008
Not necessarily. It's a strong possibility if you've only had one Returned Mail notice that someone who has your email address on their computer has a worm, and it's harvested all the addresses from their computer to send spoofed emails.
Email-distributed viruses that use spoofing, such the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing, a virus., or else they get Returned Mail notifications from addresses where the spoofed email hasn't been delivered.
posted by essexjan at 1:39 PM on October 5, 2008
Email-distributed viruses that use spoofing, such the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing, a virus., or else they get Returned Mail notifications from addresses where the spoofed email hasn't been delivered.
posted by essexjan at 1:39 PM on October 5, 2008
Just seconding jrockway. If this is the only thing wrong then don't worry about it. The likely cause is a spammer or virus that sent a bogus mail to the Russian address, with your legit address in the From field (something that is easily spoofed). The mail bounced back to you for whatever reason. But again, it is unlikely that first message would have originated from your computer.
posted by ellenaim at 1:40 PM on October 5, 2008
posted by ellenaim at 1:40 PM on October 5, 2008
Backscattered email... some may call it the result of Joe job spam. In either case, some asshole spammer is using your email address as the "sender" and "return" address, so bounces come back to you. Unfortunately irate recipients may think it's you, too, though this has been going on for years and one would think people would know better by now. My first thought was not that you were infected.
posted by crapmatic at 1:49 PM on October 5, 2008
posted by crapmatic at 1:49 PM on October 5, 2008
Some ways that these guys get your email address:
- You posted a message to a Listserv
- Clicked on the "take-me-off-this-mailing-list" link in a marketing email
- Had your email address listed on a website (e.g. as a student)
- Entered a competition that asked for your email address
- Supplied your email to a business when making a purchase without sending them, in writing, your request that they do not sell this on to anyone for marketing purposes
- Dropped your business card into a prize draw box
- Gave your email address on a signed petition
- Forwarded one of those "funny" emails that everyone sends on to their friends
etc.
Don't worry -- I get about 2 of these a week. You learn to live with it ... :-)
posted by Susurration at 1:57 PM on October 5, 2008
- You posted a message to a Listserv
- Clicked on the "take-me-off-this-mailing-list" link in a marketing email
- Had your email address listed on a website (e.g. as a student)
- Entered a competition that asked for your email address
- Supplied your email to a business when making a purchase without sending them, in writing, your request that they do not sell this on to anyone for marketing purposes
- Dropped your business card into a prize draw box
- Gave your email address on a signed petition
- Forwarded one of those "funny" emails that everyone sends on to their friends
etc.
Don't worry -- I get about 2 of these a week. You learn to live with it ... :-)
posted by Susurration at 1:57 PM on October 5, 2008
If you are really worried, download Spybot Search & Destroy, which will scan your computer for Trojans. It's free, comprehensive, and updated regularly. It also installs a real-time monitoring application (Teatimer), which will protect your PC against future incursions. Just remember to check for updates periodically.
posted by Susurration at 2:00 PM on October 5, 2008
posted by Susurration at 2:00 PM on October 5, 2008
Response by poster: Wow. I feel a lot better, thanks everyone.
posted by matkline at 3:37 PM on October 5, 2008
posted by matkline at 3:37 PM on October 5, 2008
This thread is closed to new comments.
So don't worry, this doesn't indicate any problem with your computer.
posted by jrockway at 1:35 PM on October 5, 2008