| |
ARTICLES |
| .......................................... |
go
back
|
| |
| .......................................... |
| Still need help?
|
| |
| |
|
Someone is using our email address to send viruses! Have we been hacked? |
Craig |
Issue:
You receive complaints that email supposedly sent from your domain contained attached viruses or worms. But you didn't send anything! Sometimes the 'from' address will even be one that doesn't really exist at your domain. Does this mean you've been hacked?
Actually, no it doesn't. It does mean that somewhere out there somebody caught a virus - and an address at your domain was in their address book. For example, the recent "MyDoom" and "NetSky" worms will go through a victim's computer to harvest all the email addresses it can find - and then email a copy of itself to all those addresses, using one of them as the "From" value. Sometimes the "From" value can be made up of $name_from_domain_A@$domain__B - for example, let's say the victim has an address book with "fred@domainA.com" and also "wilma@domainB.com". It is possible that the "From" value the virus uses could be something like "fred@domainB.com".
What can you do about this? In short, nothing. But then again you don't need to - you didn't send anything. The header of the email message will show where the virus originated. Of course we strongly remind you to have anti-virus software running on your computer with the latest definitions so that when you are the unlucky recipient of one of these messages you are protected.
Related links: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@mm.html
http://antivirus.about.com/cs/allabout/a/mydoom.htm |
|
|
|
|
