Strange email virus claims...

[Qiranworms]

Strange thing has happened a couple times on my mother's (Windows based) computer.

Have gotten a couple emails that look something like this:

(Note: {domain} is cut out for privacy, as is {name}. Both of these are parts of her email address, though in the "To" occurance they come seperately strangely enough. "Perfora.net" is NOT her domain)

Quote:

Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System: <mailer-Daemon@perfora.net>
To: SRS0=0hza=TL={domain}.ca={name}@srs.perfora.net

This message was created automatically by mail delivery software
NEMESIS/mout on mout.perfora.net[217.160.230.40].
The delivery of the mail below has failed due to the following reasons:

certqueen@gmail.com:
transmission rejected by 64.233.171.114
command : data transmission
response: 552 5.7.0 Illegal Attachment


-----------------------------------------------------------------

Received: from [206.108.5.67] (helo=certificatequeen.com)
by mx.perfora.net with ESMTP (Nemesis),
id 0MKvAI-1DTOLm2fZ7-0006L6; Wed, 04 May 2005 14:11:58 -0400
From: {name}@{domain}.ca
To: eahavta@certificatequeen.com
Subject: Re: Re: Thanks!
Date: Wed, 4 May 2005 14:11:59 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0003_00004A9C.00006EC5"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <0MKvAI-1DTOLm2fZ7-0006L6@mx.perfora.net>

The second one looked very different with reference to "filename="your_details.pif", which is quite obviously some sort of malware. The email address mentioned in the second one was more local, up to having our city in the domain name that she supposedly sent an email to.

None of the addresses had ever been heard of by any of us, and there is definitely no record of any of these emails ever being sent.

Norton Antivirus is provided for her as a corporate edition, and is updated and a scan was done. Spyware was also checked, though Thunderbird and Firefox are used as opposed to IE and OE and thus such threats may be less likely.

This sound like a virus? Email hijacked? This whole thing seems strange to me and I'm wondering if anyone here is familiar with such a situation and what it actually means, and possibly what action should be taken.

Thanks for any advice.

[fixyourdns]

Your email address is being spoofed,

FAQ: Spoof email