General discussion


messages from unknown sender

By lhAdmin ·
We're using Exchange 5.5, sp4 and Trend Micro virus scanning which shows
no viruses in our system. One of our users received a message from
someone they don't know and they said she sent them a message with a
suspicious attachment. She doesn't know this person or their email
address yet they forwarded a copy of the message she allegedly sent to
them. It definitely had her email address but she didn't send it. It
looked like a Klez variant (the subject was "How are you"). Any ideas on
how this happened?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

messages from unknown sender

by Joseph Moore In reply to messages from unknown sen ...

Sounds like TrendMicro does not have updated anti-virus definitions, if a Klez virus got through. Klez is only a couple month old or so.
I would check TrendMicro, and see how old the definitions are. Make sure the updating of the definitions is set to automatically run.

hope this helps

Collapse -

messages from unknown sender

by Don Christner In reply to messages from unknown sen ...

It's also possible that someone has stolen her ID. We were getting a lot of viruses from a workers sister, so we told her to tell her sister to send only to her home address. A month later, we received another virus from her sister. When she called her sister, she said that she had not even booted up her computer in several weeks!

You can read more about stolen email addresses at:


P.S. Remove any spaces that appear in the URL or just do a search on "stolen email address", use the quotes so you search for the phrase.

Collapse -

messages from unknown sender

by mtrahern In reply to messages from unknown sen ...

Here's an excerpt from This W32/Klez variant has the ability to spoof the email FROM: field. The senders address used by the virus, may be one that was found on the infected user's system. Thus, it may appear that you have received thisvirus from one person, when it was actually sent from a different user's system. Viewing the entire email header will display the actual senders address.

It sounds like your user's system is clean, but someone she knows has a virus on their machine and is sending out emails using her email address.

Collapse -

messages from unknown sender

by lhAdmin In reply to messages from unknown sen ...

Thanks for all the quick answers. I think that Klez answer hit it right on the nose.

Related Discussions

Related Forums