invalid MAILER-DAEMON messages

[CHERN]

Over the past few weeks, several computers in our car dealership have been receiving mail from 'MAILER-DAEMON@(various addresses I have never heard of)'. In the subject line it will say something like 'Undeliverable Mail:". The message itself says that we sent something to the address that the MAILER-DAEMON came from and it was not able to be delivered. No one has ever sent anything to any of the addresses. Also, we get similar emails within our network that look like this.

Mail Delivery Subsystem....
unable to deliver mail
To: service@beatriceford.com
From: parts@beatriceford.com

We do not email from office to office, so these emails are not valid.
Each email contains a suspicious attachment, that I have notified everyone not to open. The accounts that have this problem receive about 50 of these emails per day. I ran Norton virus scan on every computer and all say that they are virus-free. It seems as though it is some I-Worm that cannot be detected. Can someone PLEASE help me? Any information what-so-ever would be greatly appreciated. THANKS

 

[carrr]

They'll stay virus free as long as your staff leaves the attachments in the emails you're RECEIVING alone.
Some machine on the outside is sending infected emails to your systems...it could be an employee's home machine, a client's machine (anyone who had your email address), or an infected machine on the outside could have picked it up through various other avenues. The important thing is that you keep your guard up. Just because you're receiving compromised mails doesn't mean you're infected.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[2ffat]

Along with carrr's comments, several new virii are using this Mailer-Daemon spoof to try and spread themselves. You did the right thing in telling everybody to not open them. I suspect that someone with some of your email address in their contact list is infected and not necessarily you or your company.

James P. Cottingham
[sup]
There's no place like 127.0.0.1.
There's no place like 127.0.0.1.
[/sup]

 

[jmaddone]

Also a virus will sometimes "spoof" your email address to send the virus out to other people. Even though you didn't send the email, it returns an email saying you sent it. Usually they get your address from someone that was infected by the virus, and had your email address in their address book. As they said above, update the virus detector and be wary of atachments.

 

[Kesser]

Sounds like netsky to me, trying it's luck..... I have found that you will be targeted for a few days and left alone for a while, then targeted again - it's nothing to worry about if no-one opens the attachments. Kes

 

[rothin]

All above concepts are helpful.Donot execute any attachments of suspicious mails & simply shift delete them upon arrival.
If u have a big network over ms exchange & receiving spams on ahigh rate..u can go for Sybari Anti spam defence system...it is potential enough to keep ur infrastructure clean n smooth.

 

[bfralia]

Netsky, Dumaru and a buncch of virii use the spoofing method to spread. Who ever has the virus also has your e-mail address in their address book. Virii are being sent out with yours and everyone elses e-mail addresses as the senders. It never seems to have the actual senders e-mail addres in the from box.

I'm amazed at how many e-mails I get with Netsky infected attachements. With all the free removal tools and even free anti-virus software around (AVG), you'd think it would have expired by now. Our company e-mail server still gets and blocks several hundred a day.

 

[tolstoy65]

I'm currently receiving about 300 of these Mailer Daemon failure notices every day to Outlook Express and have done for a few days. Although they are a pain to delete, the problem I have is that I cannot receive ano other emails from external users.

Any thoughts on the cause?