Trojan or Address Spoofing?

[Mark]

Just received a message from
Network Associates Webshield - e-mail Content Alert

Stating that:

"The email server, viruswall3.fullerton.edu, did not deliver the message
from
[my email address] to <[email protected]> with the subject
"Re: Excel
file" because the message contains 1 or more files with ".pif"
extension(s)".

I never sent any such email. I've read of others receiving a virus in the
form of an excel.pif file. Does this indicate that I have some type of
trojan sending such email without my knowledge or someone spoofing my
address? Running XP with Norton Internet Security.

 

[Wrangler]

Just received a message from
Network Associates Webshield - e-mail Content Alert

Stating that:

"The email server, viruswall3.fullerton.edu, did not deliver the message
from [my email address] to <[email protected]> with the subject
"Re: Excel file" because the message contains 1 or more files with ".pif"
extension(s)".

I never sent any such email. I've read of others receiving a virus in the
form of an excel.pif file. Does this indicate that I have some type of
trojan sending such email without my knowledge or someone spoofing my
address? Running XP with Norton Internet Security.

Nope, most likely its a mass mailer, and someone with your email address in
their address book has been infected.

The WebShield products allow you to block by (single and/or double)
extension, so the people who received the mail are basically blocking .PIF
at the gateway, and sending a mail back to tell the apparent author why the
mail did not get through. If it had not been blocking by extension before
scanning, you would have probably been told what the virus was - however the
rejected the mail purely on extension.

In your case and in today's climate of NetSky and its mates, it *sounds*
like your email addy has been spoofed, so you are the one getting the alert
back, not the truly infected machine.

However, it does not harm to make sure your own Antivirus is bang up to
date, and to scan you local machine to make sure it is not you.

Cheers,

..\/.artin

 

[Becky O]

It's so annoying. I awoke to no less than seven angry emails this morning
berating me for sending them an infected file.

*sigh*

Becky

Just received a message from
Network Associates Webshield - e-mail Content Alert

Stating that:

"The email server, viruswall3.fullerton.edu, did not deliver the message
from [my email address] to <[email protected]> with the subject
"Re: Excel file" because the message contains 1 or more files with ".pif"
extension(s)".

I never sent any such email. I've read of others receiving a virus in the
form of an excel.pif file. Does this indicate that I have some type of
trojan sending such email without my knowledge or someone spoofing my
address? Running XP with Norton Internet Security.

Nope, most likely its a mass mailer, and someone with your email address in
their address book has been infected.

The WebShield products allow you to block by (single and/or double)
extension, so the people who received the mail are basically blocking .PIF
at the gateway, and sending a mail back to tell the apparent author why the
mail did not get through. If it had not been blocking by extension before
scanning, you would have probably been told what the virus was - however the
rejected the mail purely on extension.

In your case and in today's climate of NetSky and its mates, it *sounds*
like your email addy has been spoofed, so you are the one getting the alert
back, not the truly infected machine.

However, it does not harm to make sure your own Antivirus is bang up to
date, and to scan you local machine to make sure it is not you.

Cheers,

.\/.artin