Receiving an e-mail "non-delivery notice" (also known as a "bounce message") for a message you did not send can be startling. Some users assume their computers or e-mail accounts are infected with a virus.
Fortunately, the reality is less alarming.
Several viruses will attempt to infect other computers by sending copies of themselves via e-mail as attachments. To cover their tracks, these viruses forge the "FROM:" line in the messages they send, making these e-mails appear as if they are coming from someone else. Often the recipient's e-mail server will reject the message (since it contains a virus) and return it to the "sender", who, in reality, never sent the message. We call this "backscatter".
Here is an example of a backscatter message. The message was originally created by a computer infected with NetSky:
This message says a UO employee sent a virus-laden email message to a user in Poland. Reality: This message was created by the NetSky virus. It forged the "FROM:" line by inserting the UO employee's email address. The virus then picked a random recipient. When the message was sent, a virus-scanner blocked the message and sent the virus warning to the "original" sender, who did not send the message in the first place.
The message looks legitimate, so how do we know it's backscatter?
First, is the address in the "To:" line someone you know? If not, it's probably backscatter.
Second, is the subject line or attachment something you have included in e-mail messages? If not, it's probably backscatter.
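The two checks above, written out as an added example (not part of the original page): a Python script that pulls the original message out of a bounce and compares its recipient and subject with what you actually sent. The sample bounce, its addresses and the function names are constructed for illustration, and the attachment check is left out.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample bounce (abbreviated); all addresses are placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
To: employee@example.edu
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message was rejected because it contained a virus.

--b1
Content-Type: message/rfc822

From: employee@example.edu
To: stranger@example.net
Subject: Re: Your document

Please see the attached file.

--b1--
"""

def original_message(bounce):
    """Return the message the bounce claims you sent, or None if not included."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def backscatter_reasons(raw, known_recipients, sent_subjects):
    """Apply the two checks (both sets lowercase); an empty list means both passed."""
    orig = original_message(message_from_string(raw, policy=policy.default))
    if orig is None:
        return None  # original not attached: the checks cannot be applied
    reasons = []
    to = {a.lower() for _, a in getaddresses(orig.get_all("To", [])) if a}
    if not to & known_recipients:
        reasons.append("recipient not someone you know")
    if (orig["Subject"] or "").strip().lower() not in sent_subjects:
        reasons.append("subject not one you sent")
    return reasons
```

Any non-empty result means the bounce is probably backscatter; `None` means the bounce did not include the original message, so the checks have to be made by eye.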
What Do I Do About These Messages?
The best response is to simply delete the message.
We encourage our users to keep their computers secure. For more information, see our Windows Security page.
For additional assistance, please contact our Help Desk.