question about viruses, worms, and Macs

[izzarina]

I have NEVER had a virus or worm or anything on my computer, and I've always assumed it was because I have a Mac. I don't think I have one at the present time, but I've gotten a couple of strange emails. First this:

From: amavisd-new <postmaster@mailsrv.amplex.net>
Date: Thu Feb 17, 2005 8:51:27 PM US/Eastern
To: <izzarina@earthlink.net>
Subject: VIRUS (Email-Worm.Win32.NetSky.d , Email-Worm.Win32.NetSky.d ) IN MAIL FROM YOU

VIRUS ALERT

Our content checker found
viruses: Email-Worm.Win32.NetSky.d , Email-Worm.Win32.NetSky.d
in email presumably from you (<izzarina@earthlink.net>), to the following recipient:
-> ****@ohvateachers.org

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!


For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <izzarina@earthlink.net>
From: izzarina@earthlink.net
To: ****@ohvateachers.org
Subject: Re: Details
Date: Thu, 17 Feb 2005 20:51:23 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0009_00007935.00003998"
X-Priority: 3
X-MSMail-Priority: Normal
-------------------------- END HEADERS ------------------------------
Reporting-MTA: dns; mailsrv.amplex.net
Arrival-Date: Thu, 17 Feb 2005 20:51:26 -0500 (EST)

Final-Recipient: rfc822; ****@ohvateachers.org
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=bHjOyR6R - VIRUS: Email-Worm.Win32.NetSky.d , Email-Worm.Win32.NetSky.d
Last-Attempt-Date: Thu, 17 Feb 2005 20:51:27 -0500 (EST)
From: izzarina@earthlink.net
To: ****@ohvateachers.org
Subject: Re: Details
Date: Thu, 17 Feb 2005 20:51:23 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0009_00007935.00003998"
X-Priority: 3
X-MSMail-Priority: Normal

and then this:

From:
From: ****@freedmanconsulting.com
Date: Thu Feb 17, 2005 8:53:17 PM US/Eastern
To: izzarina@earthlink.net
Subject: Re: Your document

There are no users on this server for whom you sent this email!!!!

I have never heard of either email address (I left the addresses in basically, but took out the names....if I should have deleted those before posting, let me know. I was only keeping them in for reference), and have never sent them anything in my life. Are they spam, or should I be worried? Is there a chance that I am somehow infected? Or am I just in an affected person's address book?

[emmline]

Spamlycrap. ignore it.

[Feadan]

Many viruses spoof email addresses to hide where they are really coming from. Somebody with your email address stored on their machine has a virus. Just yesterday I got an email supposedly from Tyghress with an attachment (guupd02.com). Obviously somebody we both know from Chiff & Fipple has the virus W32/Bagle.bl@MM on their PC just as someone you know has Worm.Win32.Netsky.d

Cheers,
David

[GaryKelly]

Crap indeed but not spam really. These days, worms and viruses "spoof" email addresses before they transmit themselves to the next host. So to the automated anti-virus software, the infected email seems to have come from you but in reality it hasn't.

Worms and viruses are not like the palm tree.

[izzarina]

Worms and viruses are not like the palm tree.

I would like to be like the palm tree, but this whole thing is making me very stressed
So what you all are saying is that it IS a virus, but it WASN'T from me, right? Are either of these viruses Mac viruses? Or are they Windows type ones only? Grrrrrr....I hate this.

[GaryKelly]

Windows infection, the "Win32" bit of the name gives it away somewhat.

Izzy. Breathe. Relax. That email you got came from a server (equipped with anti-virus software) which the virus/worm tried to infect. The virus/worm was only pretending to have come from you so that its real source couldn't easily be traced.

The antiv-virus software is dumber than the virus, so politely sent you a 'warning' email that it thought you might appreciate (if you had sent the email, you'd like to know you were infected, right?). But being dumb, it believed the virus when it was told the mail had come from you.

It doesn't mean you're infected, or that anyone you know is infected. The things can generate their own "spoof email addresses" and "xxxx@earthlink.net" is a common one, so is "@yahoo.com", and "@hotmail.com" etc.

Be the palm tree, Izzy-duderess, be the palm tree...

[jen f]

So what you all are saying is that it IS a virus, but it WASN'T from me, right? Are either of these viruses Mac viruses? Or are they Windows type ones only? Grrrrrr....I hate this.

Right, it WASN'T from you. It was from someone you have corresponded with in the past who has your e-mail address in their address book. Just delete it and forget about it.

I think all the worm viruses are Windows only.


Edit: I see Gary posted first; his explanation is better than mine!

[chas]

I can't think of a documented case of viruses spreading throu Macs. If you could write a virus that can infect 90% of the machines or one that can infect 5%, which would you do? That is if you're not a Unix geek.

Of course that doesn't prevent Norton from selling anti-virus software to Mac owners -- thing is, if Windoze machines are thoroughly protected, but Macs aren't, then virus writers will start attacking Macs.

[GaryKelly]

Of course that doesn't prevent Norton from selling anti-virus software to Mac owners

The rational behind selling AV products to Mac and *nix users is that while it's true that Macs and *nix users are exceptionally low-risk for infection, their mates who run Windows PCs aren't... so the idea is that the AV software on the Mac or *nix box will prevent the virus being re-transmitted to your Windows-using friends (even though it won't infect you).

[izzarina]

Thank you all....I do feel much better now. Turns out that the worm is a .exe file anyway, which Macs just don't do. But I was stressed for a bit there.
I am so the palm tree......

[Caj]

I can't think of a documented case of viruses spreading throu Macs.

There used to be the old MS Word macro virus, which also worked on MacIntosh versions of MS Word. It couldn't really spread itself to other computers from a Mac, but there you go.

Of course that doesn't prevent Norton from selling anti-virus software to Mac owners -- thing is, if Windoze machines are thoroughly protected, but Macs aren't, then virus writers will start attacking Macs.

Let 'em try. MacOS X is a pretty secure OS. It isn't just the unpopularity that makes it virus-free.

Caj

[RonKiley]

For thos e that think there are no viruses that target MAcs check this site. Especially section 7.1

http://www.faqs.org/faqs/computer-virus/macintosh-faq/

Ron

[dapple]

I have received a few similar-looking e-mails, izzarina. I asked one of the techies where I work why I would have received returned e-mails from an e-mail address that I don’t know when I wasn’t the originator to begin with, and he told me that spammers use e-mail address of other people, like you and me (probably selected at random), for the return addresses on the spams they send so that they do not have to deal with a large volume of returned e-mails. In other words, they are having trash that they created dumped in your yard because they don’t want to deal with it.

[Caj]

For thos e that think there are no viruses that target MAcs check this site. Especially section 7.1

http://www.faqs.org/faqs/computer-virus/macintosh-faq/

I wonder if there's anything newer. This seems to be a FAQ for the old MacIntosh OS, e.g. system 6, system 7 etc. It was as susceptible to viruses as any other single-user OS.

The old MacOS wasn't much in terms of stability either. The OS offered no protection from programs that went haywire---versus Windows, which had proper multitasking in 95.

Caj