Once in a while I get a spate of various types of bounce messages (usually from System Adminstrator, indicating the addressee is unknown), which refer to a message I never sent. The message is always some kind of spam advertising.
I notified my ISP but they sent me a canned answer saying to check for viruses. No virus on my system, according to Norton, and none of the bounce messages are from email addresses in my address book or that I recognize.
I suspect that someone is spoofing my email address to send spam. Unfortunately the bounce messages do not include the full header for the message they received.
I can’t rule it out but I don’t have most of the symptoms. Since I have Norton I’ll follow their instructions for removal, and if I remember I’ll let you know tonight/tomorrow. Thanks.
I’m having this problem too, and it is Klez. However, it’s not my system that was infected (I’m running Linux), it was a friend’s system. Klez uses addresses picked out of the infected machine’s addressbook for its from header.
Ahh. I was puzzled when I received a spate of returned (unsent) mail last week, checked to see what viruses where jumping around, pegged it as likely Klez, downloaded Symantec’s Klez removal tool and ran it, and found that I was clean.
(I’m very fastidious about virus protection.)
Thanks for that info, I’ll send a link to the removal tool to everyone in my contact list.
It’s not your system that has the virus. It sends itself from other’s computers using your address (randomly lifted from their Outlook) as the Reply to: header.
If you’re going to send out a link to people you need to be aware that Klez also sends out copies of itself pretending to be an anti-viral cure for itself. So personalise your email to make sure it doesn’t look like this.
I’m getting about 5 of these a day just now. :mad: Plus the occasional bounce.
I don’t think Klez is the only possible cause out there. This Tuesday morning I found a standard “spy on anyone from your computer” type spam in my in-box – with a reply-to of my own e-mail address! At the same time, I also received about fifteen bounce notifications that indicated that the message had been the same piece of spam. In this case, I think its pretty obvious that my address was “borrowed” for spamming. I am wondering if this is what happened to CooksWithGas. No suggestions on how to deal with this. In fact, advice would be appreciated.