[Dshield] Clever Virus or Coincidence?

David Sentelle David.Sentelle at cnbcbank.com
Mon Mar 22 15:09:42 GMT 2004


I'm scanning the machines at the moment, but an odd thing happened this
weekend.  We got viruses in our email.  Of course, that's not the weird
part.  

The weird part was that the spoofed sender's address was an internal
user's address.  I don't expect that I've actually got an infected
machine, as the source in the headers was an external machine and the
virus got stripped by our mail scanner.  I'm still scanning both the
sender's and receiver's PCs.

It's made me wonder though, if a new or existing virus's logic is to
match up email addresses based on domain, and to spoof one user's
address when sending viruses to other users in that domain.  For
corporations at least, this should yield a much higher infection rate,
as who doesn't trust internal company email?
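
The check described in this post (an internal address in From, but an external machine as the source in the headers) can be automated at the gateway. The sketch below is an added example, not part of the original message. It assumes `example.com` and `10.0.0.0/8` as placeholder internal domain and networks, and that the topmost Received header is the one your own gateway wrote.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Placeholders (assumptions): replace with your own domain and submission networks.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Bracketed peer address as recorded by the receiving MTA,
# e.g. "from name (rdns [203.0.113.7]) by mx.example.com"
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivering_peer(msg):
    """IP in the topmost Received header (the hop our gateway recorded)."""
    received = msg.get_all("Received", [])
    match = PEER_IP.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:          # e.g. "[999.1.1.1]"
        return None

def is_internal_spoof(raw):
    """True when From claims our domain but the delivering peer is not ours."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != INTERNAL_DOMAIN:
        return False
    peer = delivering_peer(msg)
    if peer is None:
        return True             # internal From with no verifiable peer: suspect
    return not any(peer in net for net in INTERNAL_NETS)

def _sample(peer_ip, sender):
    # Constructed sample message, not taken from a real mail log.
    return (f"Received: from relay.invalid (unknown [{peer_ip}])\n"
            f"\tby mx.example.com; Sat, 20 Mar 2004 10:00:00 +0000\n"
            f"From: {sender}\nTo: bob@example.com\nSubject: document\n\nbody\n")

SPOOFED = _sample("203.0.113.7", "Alice <alice@example.com>")
GENUINE = _sample("10.1.2.3", "Alice <alice@example.com>")
OUTSIDE = _sample("203.0.113.7", "carol@other.invalid")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("outside", OUTSIDE)]:
        print(name, is_internal_spoof(raw))
```

Only the hop your own gateway recorded is trustworthy here; Received lines further down the message are supplied by the sending side and can be forged.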




