#1
PC Virus and anonymous emails
I keep getting emails that seem to have a file attached to it that contains a virus. My norton antivirus seems to be deleting the attachment without even notifying or asking me before it deletes the attachment. I was wondering are there any anonymous email systems that allow users to send an email, attach a virus, and have them enter any email address in the "From" field?
I have received at least 10 of these emails and the header looks like this, here are two of these emails:

Return-Path: <i_am_tha_devil@hotmail.com>
Received: from cox.net ([66.75.74.69]) by lakemtai08.cox.net (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP id <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net> for <XYZ@cox.net>; Sat, 13 Mar 2004 23:56:49 -0500
From: i_am_tha_devil@hotmail.com
To: XYZ@cox.net
Subject: information
Date: Sat, 13 Mar 2004 20:56:50 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="17003074"
Message-Id: <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>

--17003074
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

your name is wrong

--17003074
Content-Type: plain/text; name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiByZWxlYXNlLnppcC4N
ClRoZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNo
bWVudC4=
--17003074--

Return-Path: <sales@parsfootball.com>
Received: from cox.net ([66.75.74.69]) by fed1mtai05.cox.net (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP id <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net> for <XYZ@cox.net>; Sat, 13 Mar 2004 05:40:38 -0500
From: sales@parsfootball.com
To: XYZ@cox.net
Subject: fake
Date: Sat, 13 Mar 2004 02:40:38 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="32714488"
Message-Id: <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net>

--32714488
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

you are a bad writer

--32714488
Content-Type: plain/text; name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBtaXNjLmV4ZS4NClRo
ZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNobWVu
dC4=
--32714488--

Last edited by DuckStabber : March 14th, 2004 at 12:45 AM.
#2
Don't register your email address when signing up for stuff, don't post your email address on the internet. Then you should be fine.
__________________
John5788 EMail: john5788@x5788.net URL: http://www.x5788.net AIM: John57881, John57883 ICQ: 74077537 MSN: John@5788.zzn.com YIM: John5788
#3
These are all Win32.Netsky.B worms I think - I'm getting loads of them too. There must obviously be a way people can just enter in any email address they like - they can't possibly actually register all of these hotmail addresses. Besides, I've had lots from legitimate addresses (like sales@nero.com) who I know have definitely not sent me the virus.
#4
well I just got an email with a "text.pif" in my Yahoo! inbox, and when I went to scan/download it, it said it found a "W32.Beagle.M@mm" virus, and that I was not allowed to download it. Ah....Imagine...trying to infect my linux box with a win32 virus...through two different firewalls and a packet-monitoring daemon .. I laugh at the insecurity of M$...ha ha....
__________________
~~ Peter ~~ ( My Blog: ...The thoughts and ravings of a lost and wandering mind... ) :: ( Supporter of the EFF & FSF ) :: ( I'm a GNU/Linux addict and Free Software Advocate. ) :: ( How to Ask Questions the Smart Way ) :: ( The Fedora Project, sponsored by Red Hat ) :: ( GNOME: The Free Software Desktop Project ) :: ( GnuPG Public Key )
#5
Yeah - those .pif files are driving me nuts. I never seem to see the end of them.
#6
Code:
Content-Type: text/plain; name="NortonAntiVirus Deleted1.txt"
Last edited by php4geek : March 14th, 2004 at 01:51 PM.
#7
I've gotten a slew of .pif attachments of late, all through the email address I registered with cpan.org (I really should make something else for that since there's no way to hide it).
As far as who's in the From: field, you first need to understand how SMTP works. In short, it is one of the most absurdly insecure protocols I'm aware of. When you fill out that identification field in your email client, you can put whatever address you want in there. Anyone who's sent mail from a script knows that the From: field is just something you fill out, it has nothing to do with who it actually came from. You have to read the mail headers and find the IP of the mail server, then contact the server's admin with a time and message and hope he's got logs of who connected then to send the message. Get that IP and keep tracking backwards until you theoretically get to a person or company, which ain't bloody likely.
All these pif's running around are likely virus-generated, and not human-sent, so that makes things even worse. You can find the computer that sent it, but the owner/operator has no clue it was going on. What gets me is that people click on these things called "document.pif" from some random sender. *sigh* if only everyone in the world was just like me...
What gets me about spam is that it sure is cheap to create, but it still costs something. They wouldn't do it if it didn't work. As much as everyone seems to bitch about unwanted mail, there's enough people out there that send money for cheap viagra, cable descramblers, and all that porn that they keep harvesting more addresses and sending more out.
__________________
Andrew - Perl (and VB.NET) Monkey Never underestimate the bandwidth of a hatchback full of tapes.
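The header trace described in post #7, as an added example that is not part of the original thread: it pulls the sender-chosen From: domain and HELO name apart from the connecting IP and timestamp that the receiving server recorded. The sample message is constructed, modelled on the headers in post #1, and the function name `trace_origin` is an assumption of this example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message modelled on the headers in post #1. Addresses, host
# names and the IP are documentation placeholders, not real senders.
RAW = (
    "Return-Path: <someone@webmail.example>\n"
    "Received: from isp.example ([192.0.2.69]) by mx08.isp.example\n"
    "\t(InterMail) with SMTP id <20040314045649.AAAA.mx08.isp.example>\n"
    "\tfor <user@isp.example>; Sat, 13 Mar 2004 23:56:49 -0500\n"
    "From: someone@webmail.example\n"
    "To: user@isp.example\n"
    "Subject: information\n"
    "Date: Sat, 13 Mar 2004 20:56:50 -0800\n"
    "\n"
    "your name is wrong\n"
)

# "from <HELO name> ([<peer IP>]) by <receiving host>": the receiving server
# observed the bracketed IP; the HELO name is whatever the client announced.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)", re.S)

def trace_origin(raw):
    """Separate what the sender claimed from what the receiving server saw."""
    msg = message_from_string(raw)
    result = {
        # Typed in by the sender, never verified by SMTP itself.
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "helo": None, "peer_ip": None, "received_by": None, "received_utc": None,
    }
    hops = msg.get_all("Received") or []
    if not hops:
        return result
    # The topmost Received line is normally the one your own server added.
    # Lines below it arrived with the message and can be forged like From:.
    top = hops[0]
    match = HOP.search(top)
    if match:
        result["helo"], result["peer_ip"], result["received_by"] = match.groups()
    if ";" in top:  # the timestamp follows the last semicolon
        stamp = parsedate_to_datetime(top.rsplit(";", 1)[1].strip())
        result["received_utc"] = stamp.astimezone(timezone.utc).isoformat()
    return result

if __name__ == "__main__":
    print(trace_origin(RAW))
```

The `peer_ip` and `received_utc` values are the pair to hand to the upstream server's admin when asking for connection logs.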
#8
|
|||
|
|||
|
Even if you don't post your email around, it still can come from infected computers of people that added your email to their address books, such as in outlook. I try to keep those emails by not adding them or adding a little modification to the email address itself so it doesn't go to the person, just in case.
__________________
K1
#9
I don't mean to be any kind of preachy/religious or instigate any kind of microsoft bashing (really, I'm serious), but the best way I've found to avoid viruses is to simply not use outlook (express). In windows, I run no virus protection, haven't for a long time, but I used Eudora. Viruses never ran (though the attachments were always downloaded automatically), and even if they did, they'd never get into my address book and populate themselves.
#10
On the subject of evil emails, I love the ones that perpetrate themselves as the admin at whatever the mail domain is...when I'm the admin at the mail domain and the account is always support@, staff@, administrator@ or some other address that doesn't even exist. Yep, problems with the mail system, I'll be sure to run that release.exe you attached.
#11
heh I read that google keeps getting spam saying that they noticed they aren't in a lot of the major search engines and that they should signup to a submittal program... lmao
#12
One really annoying thing is when emails containing viruses are sent from my email address. These spammers have got hold of my personal address and are using it to send viruses around. I've had automated replies from companies thanking me for my email, but saying that their virus software automatically removed the attachment that I had attached.
#13