Returned Mail In My Inbox I Didn't Send

Now I keep on getting emails returned to me, which I never sent. Either because the receiver recognised it as spam or as an unknown address. (btw, I only use Hotmail) Now my assumption is that my email has been sold to some crummy internet company and it's being used for spam.
Is it possible to stop these bastards? Are there any laws against this? How many people are now getting emails from “me”?

I have been getting the same thing on two of my e-mail accounts. I forwarded a couple to Spamcop and they came back to me saying that these messages are not only spam but probably contain a virus. The anti-virus programs on both my computer and the e-mail service providers did not detect them so they must be a new kind of virus. Now I just delete these messages when I receive them.

They are usually spam or a result of a virus/worm.

  1. Spam:

The subject will contain “Returned Mail: User Unknown” or something similar. When you click on it, the contents of the mail will contain spam messages, free pr0n, bargain offers, etc.

  2. Virus/Worm:

Let’s say Rayne Man’s computer is infected with a worm. Let’s say that this worm uses Rayne Man’s Outlook Address book to seek addresses to spread the worm to. Let’s say Rayne Man loves you very much and therefore has you listed in his address book. So, the worm selects your address from the Outlook Address book and puts it in the “From:” header of the email it stealthily plans to send out to someone else in the address book. Since Rayne Man loves me too, let’s assume that I too am listed in his address book. The creepy worm takes advantage of our looove and decides to send that email to me. So, it picks my address out of the address book and puts it in the “To:” column. It then sends out the email from you to me.

Let’s say, now, that my email address is no longer valid 'coz Rayne Man has a very old no longer active email address of mine listed. The worm sends out the email anyway. It reaches my email provider, who responds with “Address Unknown”, since my address doesn’t exist anymore. It sends this response back to the email address listed in the “From:” field of the incoming email. The “From:” field contains your email address, therefore you receive an email with the subject line “Returned Mail: User Unknown” from the mailer daemon of the email provider.

Notice how this entire chain of events does not require you to actually send out any email at all. Also notice how it does not mention Rayne Man anywhere.

The above is just one example of multiple possible scenarios.

Also note that even valid bounce messages contain pretty much the same subject lines. So, if you’ve sent out a critical mail in the past 24 hours or so, you might want to check such delivery reports. Otherwise, it’s safe to ignore them. I’ve noticed that if the size of the returned message is around 34-42K then it is in all likelihood a result of a worm, unless you actually sent out a mail of about the same size that might have bounced.

In either case, don’t open any attachments contained within these messages.

Unfortunately, there’s virtually nothing you can do to stop these messages, apart from using advanced spam blocking tools that you won’t have access to through Hotmail. Hotmail’s spam filter is about the most pathetic of all free email providers. Yahoo seems to do a much better job.
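The check described in the post above, telling a bounce for mail you really sent from one triggered by a forged “From:”, can be automated. This is an added example, not part of the original thread; it assumes the bounce uses the standard multipart/report layout and quotes the original headers, and `SENT_IDS`, the addresses and the sample message are constructed for illustration.

```python
import email.policy

# Constructed: Message-IDs this account really sent (e.g. kept from a sent folder).
SENT_IDS = {"<20040412.0001@example.org>"}

def sample_dsn(orig_msgid):
    """Constructed bounce quoting an original message with the given Message-ID."""
    return f"""\
From: MAILER-DAEMON@mx.example.net
Subject: Returned mail: User unknown
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; old@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: me@example.org
Message-ID: {orig_msgid}

body
--b1--
"""

def classify_bounce(raw, sent_ids):
    """Return (verdict, failed_recipient) for one raw message."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    if msg.get_content_type() != "multipart/report":
        return ("not-a-dsn", None)          # only looks like a bounce
    recipient, orig_id = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():   # one header block per recipient
                if block.get("Final-Recipient"):
                    recipient = str(block["Final-Recipient"]).split(";")[-1].strip()
        elif ctype == "message/rfc822":        # full original message quoted
            orig_id = part.get_payload(0).get("Message-ID")
        elif ctype == "text/rfc822-headers":   # only the original headers quoted
            orig_id = email.message_from_string(part.get_payload()).get("Message-ID")
    if orig_id is None:
        return ("unverifiable", recipient)     # nothing to match against
    return ("genuine" if str(orig_id).strip() in sent_ids else "backscatter", recipient)
```

A “backscatter” verdict means the quoted original was never sent from this account, which matches the forged-“From:” scenario in the post.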

I got a bounced email also. It couldn’t have come from my address book because I’ve never had anyone in Camp Lejeune in my address book. I forwarded the email to the Comcast abuse address and the webmaster at Camp Lejeune, telling them of the problem. And yes, the attachment seemed to contain a virus (no, I didn’t open it, I scanned it with Norton’s).

How does it get access to my address book if I am not using outlook express? That might sound dumb.

yeh, I have the same problem, all the emails I get back are from people that I definitely do not know. And then I get emails from other people that obviously contain worms… “Oh look an email from some-one I don’t know, oh look it has an attachment, why don’t I open it?” that I don’t know either. :confused:

Read carefully.

It’s not taking the email addresses from your address book. It’s taking your address from someone else’s address book, along with someone else you don’t know’s address.

That is, if you are X, your friend is Y and some random person in Y’s address book is Z, it’s taking X and Z’s address from Y’s address book, and sending a mail from X to Z using Y’s computer. Note that X does not know Z, and that none of this happens on X’s computer. As a result of this, X gets a bounced mail from Z’s mail server. Of course, X has never heard of Z, and this causes the confusion.

This means you do not need to have Outlook or an address book, because it’s not using your computer at all, it’s using Y’s computer for this.

Unless, it’s spam. In which case they’ve harvested your email address through other means.

And note that emailing Z to tell Z that he has a virus on his computer is pointless, because Z does not have a virus. The virus is on Y’s computer. But Y’s email address is unavailable in this whole mess.

What software you use doesn’t matter, it only matters what software the person infected with the virus uses. If they have you in their address book, or sometimes if your email can be found on a website that they visited recently and is now in their web cache, then the virus can grab it there.

Odds are good some of the viruses simply come up with semi-random email addresses to use for the To and From lines, as I sometimes get them at catchall addresses that have never been given to anyone else.

Aye, it’s as xash said.

In the past couple of months I have had probably about a thousand such messages through my yahoo account alone!

It’s called email spoofing and it’s been used by scammers for some time to try and hide the from address so they can’t be traced. This latest generation of viruses - the Win32 worms all use email spoofing.

Sadly there isn’t much you can do about getting all the mailer daemon errors. :frowning:
Those are valid emails, just sent to the spoofed address the worm gave.

It’s a bloody pain, especially if you have a load of clients who are panicking and really can’t understand that it’s not their computer that is infected or their email security that was compromised.
Appropriate OP name! :smiley:

Over the past couple of days, there have been quite a few sent out. I’ve gotten a bunch on the email system I administrate, just since yesterday.

Just some crappy badly coded spam.

One thing to keep in mind is that some of the worms/viruses out there now just don’t assimilate your address book, but will also scan your entire system for text files, word docs, or even cached web pages in your temporary internet files for e-mail addresses:

From SARC (Symantec Anti-virus Research Center) about Netsky.U (the latest Netsky variant) here

So if you’re infected, you don’t even have to be using Outlook/OE for your mail client for it to get e-mail addresses off of your system, and those addresses may not have any connection to you other than you visited a web page 3 months ago and hadn’t cleaned out your temporary internet files since! Very slimy

critter42

Oh, I almost forgot - one of the nasties out there now (Sober, IIRC) can and will generate a fake “Returned E-mail” message, making it look like it is a legit bounce from some mail server. So I would imagine that a bunch of the “bounces” you’re seeing are actually being generated by the virus, rather than as an actual bounce from a third party ISP. I can recognize them most of the time now, but I do have to say that this is probably the MOST well-crafted virus (at least the text of the e-mail is well-crafted) from a social engineering standpoint that I have seen to date.
critter42

sigh…let me clarify:

“are actually being generated by the virus” should be read more properly as “are actually being generated and sent by the virus directly from the infected person’s system.”

critter42 - where the Right Brain doesn’t know what the Left Brain is thinking…

One thing to add: if you usually forward spam to a reporting centre, don’t do this with this type of e-mail. I sent off a couple of these to Spamcop and they replied with a sharp little note saying “don’t send us viruses”. Of course I did not realize at the time that the spam was infected. So now I just delete the file and block the sender.

When you say “block the sender” - do you mean you block the real IP it came from, or block the person in the “From:” field. If you’re blocking the person in the “From:” field, then with today’s viruses/worms you are doing nothing but blocking an innocent person - remember the “From:” field is almost always forged nowadays. Or were you referring to just blocking spam?

critter42

I am blocking the sender address because that is the only thing I can do. None of these addresses are known to me (most seem to originate from Germany and Switzerland) so it is no hardship to me to prevent any more infected mail coming from there. I wish I could block the spam but Spamcop refuses to handle the message.

And it doesn’t even have to come directly from an address book. If the worm starts off with a mailing list (like one of those ones where you can buy a million addresses for a dollar!), your name could be paired with almost anyone else’s.

And also, it could be grabbing addresses from the “Return” lines of emails that the worm finds in someone’s mailbox. Those addresses may not be in the victim’s address book.

In short, the worm could have gotten the “To” and “From” addresses from almost anywhere.

Not only that, some viruses will search thru DELETED documents as well.

If your email addr is publicly listed on a web page, and mine is also (on a different site or page), the infected machine will grab both, put one in the TO field, and the other in the FROM field before mailing itself. Thus, these two people can be totally unrelated, and neither may be in any address book.

Also, some viruses are generating addrs from a list of names or a randomizing routine, then concatenating those names to domains found. If “bob.com” exists, then that domain may get deluged by mail for jane@bob.com, bill@bob.com, and joe@bob.com. Given enough time, all possible combinations of characters will be generated, even weird ones, and some of them will get thru.

Regarding the stupid virus scanner/bouncers, Jim Rapoza wrote in the Feb 9 Eweek magazine, Turn It Off!

It’s a good rant; read it.

I got a returned email the other day on my Yahoo account. The address was an osu.edu address and the name sounded vaguely familiar. Anyway, it had this link to supposedly see the original message (something I had never seen before). The properties of the link said it was going to a Yahoo mail account.

So, like a moron, I clicked the link. Somehow, a virus got through, I’m not sure what, but my Symantec AntiVirus program said quarantine failed. I ran an update and it doesn’t seem like anything is on my computer.

So, viruses can be embedded in links? I’d never seen that before. Can it fake out the properties so it appears to be a valid link but isn’t? Yahoo usually has really good virus detection but didn’t pick up anything on this one…