Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Congratulations, You're Infected!

Imagine my surprise and consternation when an email with the subject line "Your computer is infected with the W32/Nimda@MM (Nimda Virus)" showed up in my inbox the day after I'd been through all of the work necessary to make sure my desktop wasn't infected! I'd like to quote the message I received in its entirety:

"Your computer is infected with the W32/Nimda@MM (Nimda Virus).

We are receiving constant emails from you with virus attachments. Please do not send us any more emails without first cleaning your computer with the latest antivirus program.

We recommend that you immediately clean your system and do not use the internet or email until you have cleaned your system with the latest McAfee or Norton Antivirus scans with most recent virus definition files."

So now I'm thinking to myself. "Ouch! I got hit last night and got infected despite my best efforts to avoid this beast." But reading further into the email, I see that the message is from a company I've never heard of before. I know that Nimda sends email to all addresses in Outlook's address book, so I take a quick look into that address book. Unable to find an entry for the company, I use the Find command to determine that their domain name occurs nowhere in any of my address book entries. As a double-check, I call a couple of colleagues with whom I exchange email regularly and ask them if they've gotten any infected email from me in the past 24 hours. Not a one reports seeing anything untoward.

In case you're wondering why I didn't just check my Sent Mail folder to look for records of unwanted or unintended outgoing messages, remember Russ Cooper's analysis of Nimda. Among other things, he indicates that Nimda uses its own SMTP engine and therefore can't leave any traces of its activities within other email clients. That's what made this final check necessary.

Unfortunately, my analysis leads me to the inescapable conclusion that some company is sending bogus email messages to individuals reporting a virus infection. After a second concerted attempt to locate and eradicate that virus turned up no evidence that such an infection exists, I'm as sure as I can be that my machine is not infected. I've seen some sophisticated spam in my 13 years as a regular Internet email user, but this one takes the cake. Although I don't want to go into my reflections on the lack of morals or ethics that this kind of behavior could indicate, I'll just say that I think this kind of behavior is downright reprehensible. This leads me to conclude this diatribe with some advice on dealing with reports of virus infections, knowing that not all such reports will necessarily be true.

  • + Share This
  • 🔖 Save To Your Account