Dear McAfee,
Thanks for the e-mail advertising your products to help me remove viruses from my computer. I’m sure they would be very valuable. However, I think you may have made a slight mistake.
I never sent you this message containing the virus.
You say:
From: Virus Research
To: chromatic
File Name Findings Detection Type Extra
--------------------|------------------------------|----------------------------|------------|-----
document0.pif |current detection |w32/netsky.t@mm |Virus |no current detection [document0.pif]
The file received is infected and can be detected and removed with our current DAT files and engine. This indicates that you believe that I sent you a message containing the W32/Netsky virus. According to several vendor web sites — including your own, this virus spoofs the From: address.
I don’t want to get too technical here; mail is complex stuff.
When a virus “spoofs” an address, it makes up a “fake” one and uses that instead of the real one.
A “fake” address is not real. That’s why we call it a fake one.
If it’s not real, the mail did not really come from the person with that address.
I know, I know — that’s a lot of complicated words (or “jargon”). Unfortunately, I can’t make it much simpler than that without resorting to caveman-like pointing and grunting. (OGG NO SEND YOU MAIL; OGG NO USE WINDOWS. OGG NO HAVE FLEAS. WHY YOU HATE OGG?)
The point, however, is simple. You are smart enough to recognize that the mail you received contains a virus. You are smart enough to recognize the particular type of virus. At least the part of your company that writes reports on these viruses is smart enough to know that the From: line in the message does not actually reflect the actual sender of the message.
Why, then, autorespond to spoofed addresses? Surely you’re smart enough to realize that responding to a random address would give you a better chance of hitting the addressee! (Might I suggest disassembling a virus to find a good algorithm for choosing random e-mail addresses — I hear that W32/Netsky does that pretty effectively. I’d send you a copy if I had one, but unfortunately I don’t. Sorry.) The only thing you do know about the From: address is that it’s wrong.
I’m sure you’re very proud of your product. I certainly can’t recognize a virus by looking at it. However, that one little flaw makes me distrust it just a little bit.
Again, thanks for the unsolicited commercial e-mail. I’m really not sure what you want me to do with it, but I know you had the absolute best of intentions in sending it to me.
Please don’t do it again.
Great story ;-)
It would be fun to get a reply from McAfee regarding this. That is if you actually sent them this email in the first place.