
Is this virus activity ?


Carpetpaul said: "I've just ordered something from a reputable internet site, and shortly after received an email of confirmation of order. When the mail came from them, I also got another mail at the same time. This other email was from 'Mail Delivery System' with the subject 'mail returned to sender'; I've pasted in the contents of that mail below. When I asked the internet site that I'd placed the order with, they said that there could be a virus in/with the email that I sent to place my order. How can I check if some kind of virus is using my computer / email account? For the type of virus checker I have, please see the end of this pasted mail. I also have a message from my service provider Tiscali to say that I've reached the end of my download limit for this month (which I thought unlikely), but strangely they've sent that message to my website-based email address rather than the one which I've registered with at Tiscali. Is there any way that these two curious things could be linked, and how do I detect this virus if present and get rid of it? ---------- pasted from mail below :- ---------- This is an automated message from the BorderWare MXtreme Mail Firewall at host Mxtremedr.ggi.co.uk. The message returned below could not be delivered to its intended destinations. For further assistance, please send mail to . If you do so, please include this problem report. You can delete your own text from the message returned below. Reason: : host 192.168.0.118[192.168.0.118] said: 550 5.7.1 Unable to relay for ordersin5@mjgbsal251.co.uk -------------------------------------------------------------------------------- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.23/243 - Release Date: 27/01/2006"

Neutron2k said: "Mail Delivery System is the host computer sending back a bounce-back message etc. when a target email is unavailable, or whenever an email send fails. This means that you have either sent out an email to someone whose account does not exist, or someone is using your email address to spoof people with."

Carpetpaul said: "Well, I can tell you that I definitely didn't send any mail to the 'ordersin5@mjgbsal251.co.uk' address, if it is just as simple as the fact that I haven't physically typed that address into a new email then that's for sure. I can also say that the email address mentioned above is also not in my 'sent items' list. My anti-virus is running a complete test of everything on my PC at the moment, and so far it's not turned up anything unusual... If this test comes up clean what can I do, and should I worry about my internet bank accounts? How do I know if someone is 'running around' in my PC?"

raven said: "Paul, I got those sometimes too, telling me an email didn't get delivered when I never even sent an email to that address. I simply delete them. It's spam. Getting that email at the same time as the other one was probably pure coincidence. You can always run a virus scan to make sure all is clean."

Carpetpaul said: "I've just finished the virus scan using my up-to-date AVG, not sure if this is the best virus checker but it all turned up clean. I'll see how I go on, thanks very much for the advice! Paul"

edwin said: "I bet it's not a virus."

Neutron2k said: "OK look, it's not a virus. Someone is 'spoofing' your email address. Spoofing is where you specify someone else's email address to send emails from, even if it doesn't go through your actual email account. You are simply getting the bounce-backs of these. It's easy enough to do with web-based mail components like CDO etc. For example, if I created a web page to send email and told it to set the sender's field up with YOUR email address, and I sent an email to an invalid address, you would receive the bounce-back error because it is sent to the email address in the sender field. I hope this makes sense. If you have any forms on your web site that send email and use your email account then you could also be receiving bounce-back errors from this if someone has hacked it and customised it. If you guys would like another example, consider the following: in order for a mail handler to send email, you need an email address in the 'senders' field, or the email will not send, as these days mail components are designed to pick up on blank senders fields. However, the email address you specify doesn't need to be valid. This also holds true for the receiver's address. Now if someone has a mail script, they can specify whatever email address in the 'senders' field so that the person who receives the email will think it's come from you when it hasn't. If this email is sent to an invalid address, the mail servers will reject it and send a bounce-back to the email address that was in the 'senders' field, i.e. yours."

edwin said: "If you run domains these spoofing attacks are very common."

Neutron2k said: "Yes they are, especially if you use a common email address such as webmaster@so-so.com. I get hundreds of bounce-backs where people are spoofing my email addy every week."

edwin said: "Yes, it's a sad state of affairs. The 'spf' is a nice idea, but no one implemented it."
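
Added example, not part of the original thread: a Python sketch of the "is it in my sent items?" check discussed above, applied to a bounce that follows the standard multipart/report layout. It pulls the failed recipient and the returned message's Message-ID out of the bounce and compares the ID with those of mail you actually sent. The sample bounce, the addresses and the function names `parse_bounce` and `classify` are constructed for illustration.

```python
import email
# Constructed sample bounce (all addresses and hosts are made up).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: paul@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@invalid.example
Status: 5.7.1

--b1
Content-Type: text/rfc822-headers

From: paul@example.org
Message-ID: <spoofed-123@bulk.invalid.example>
--b1--
"""

def parse_bounce(raw):
    """Extract the failed recipient and the returned message's Message-ID."""
    info = {"recipient": None, "message_id": None}
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            for block in part.get_payload():  # one header block per blank-line group
                if block.get("Final-Recipient"):
                    info["recipient"] = block["Final-Recipient"].split(";")[-1].strip()
        elif ctype == "message/rfc822" and part.is_multipart():  # full original attached
            info["message_id"] = part.get_payload(0).get("Message-ID")
        elif ctype == "text/rfc822-headers":  # only the original headers attached
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            info["message_id"] = email.message_from_string(text).get("Message-ID")
    return info

def classify(raw, sent_message_ids):
    """Compare the returned Message-ID with IDs taken from your own Sent folder."""
    info = parse_bounce(raw)
    mid = (info["message_id"] or "").strip()
    if not mid:
        info["verdict"] = "unknown"      # bounce did not include the original headers
    elif mid in sent_message_ids:
        info["verdict"] = "genuine"      # a message you really sent failed
    else:
        info["verdict"] = "backscatter"  # your address was forged by someone else
    return info
```

A "backscatter" verdict means the returned message never passed through your own mail client or server; an "unknown" verdict (no original headers returned, as in the abbreviated bounce pasted in the first post) cannot be decided this way.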