Spoofed emails from my own domain?
August 13, 2005 5:10 PM
Someone's been sending emails to me with virus attachments from what appears to be my domain, from non-existent email addresses there. What is happening, and can I stop it?
They all have some variation on "Your password has been updated" as the title line, and the body looks like
Dear user [me],
You have successfully updated the password of your Emptybottle account.
If you did not authorize this change or if you need assistance with your account, please contact Emptybottle customer service at: service@emptybottle.org
Thank you for using Emptybottle!
The Emptybottle Support Team

This is the virus notification
Email scanner found a virus in following attachment:
Name:updated-password.zip
Content type: application/octet-stream
Additional information from antivirus: Generic Malware.a!zip
Attachment has been removed by firewall.

I can post the header info too, if that's useful. Should I just ignore this? I use Dreamhost for hosting, by the way, if it's germane.
Response by poster: Well, that was clearcut. I've never (!) gotten an email with a virus in it before, and I was a bit freaked. Thanks, Wolfdog.
posted by stavrosthewonderchicken at 5:30 PM on August 13, 2005
In the last many months, I'm getting similar emails - and other versions of same - from various "yahoo administrators" instructing me to look at the "enclosed attachments", for all kinds of reasons...
posted by growabrain at 6:11 PM on August 13, 2005
I have an email address of theora55@name.domain.com and I get these all the time, where the signature is Support Team at Domain.com. Thanks for the explanation.
posted by theora55 at 9:06 AM on August 14, 2005
Also, it's trivial to fake the from field on an email. A lot of spammers, viruses, and phishers do this.
It's sort of like the return address on an envelope. It might be accurate, but there's nothing to stop someone from lying about it.
posted by MikeKD at 7:06 PM on August 14, 2005
This thread is closed to new comments.
Just delete them. If you can decipher from the full header whose machine actually originated them - could be someone you know that has you in their address book - then let them know they have it and need to remove it.
posted by Wolfdog at 5:22 PM on August 13, 2005
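Added example, not part of the original thread: one way to read the full header as the answer above suggests, by finding the address that actually handed the message to your own mail server and ignoring the forgeable `From` line. The message, host names, addresses and the `trace_origin` helper are constructed for illustration, and the `Received` layout assumed is the Postfix style.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts and IPs are documentation-only values.
RAW = """\
Return-Path: <service@example.org>
Received: from mail.example.org (unknown [203.0.113.45])
\tby mx1.hosting.example (Postfix) with ESMTP id ABC123
\tfor <me@example.org>; Sat, 13 Aug 2005 17:02:11 -0700 (PDT)
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby relay.example.org with SMTP; Sat, 13 Aug 2005 17:01:58 -0700
From: "Support Team" <service@example.org>
To: me@example.org
Subject: Your password has been updated

Dear user me,
"""

# Assumed Postfix-style hop: from <HELO name> (<reverse DNS> [<IP>]) by <server>
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def trace_origin(raw, trusted_mx):
    """Return what the trusted receiving server recorded about the sender."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Received headers are prepended, so the first one is the newest. Only a
    # hop written by a server you trust is reliable; older hops were already
    # in the message when it arrived and can be invented by the sender.
    for header in msg.get_all("Received", []):
        m = RECEIVED.search(header)
        if m and m.group("by").lower() in trusted_mx:
            helo, rdns = m.group("helo").lower(), m.group("rdns").lower()
            return {
                "from_domain": from_domain,
                "handoff_ip": m.group("ip"),
                "claimed_helo": helo,
                "reverse_dns": rdns,
                # True when the name the sender announced is not backed by DNS.
                "helo_mismatch": helo != rdns,
            }
    return None

if __name__ == "__main__":
    print(trace_origin(RAW, {"mx1.hosting.example"}))
```

The `handoff_ip` is the value to look up or report; the older `Received` line in the sample is the kind of hop a sender can fabricate, which is why the function never reads past the trusted server's own entry.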