Some of my users, who should only by accessing their mail via the IMAP web interface appear to be getting bounces indicating that they are sending out the virus messages, you know, the ones with the *.pif file and subject lines of "Thank You!" and "My Details" etc. Obviously, these mails are being forged.
Question is, does anybody know if IMAP users are vulnerable to this thing?
I do have a user who may have accessed his mail via POP and Outlook Express. I'm guessing that may be how this starting. The virus was able to get his addressbook. ??
Also, anybody know how one might go about stopping the forged mails? What little I know about this stuff, I'd think not.. but then again I don't know.. :-)
I'm pretty sure that the email addresses used for sending out those pif files were harvested from web forums and such, not from address books. I've been getting bounces for an address I set up for use in the MozillaZine forums. I highly doubt that anyone put that address in an address book as the only email I've received to that address (aside from viruses/spam) has been from the forum itself (reply notifications, etc.). As for stopping forged mails, there isn't really anything you can do. It's unfortunately really easy to send email fake/forged addresses either with open relays or by running your own mailserver. (People in my high school loved to send mail as god@heaven.org or satan@hell.com all the time) -- trey