Thread: Spam and worms
March 26th 06, 09:10 PM, posted to rec.radio.amateur.antenna
Roy Lewallen
 

I've now gotten two emails from other newsgroup participants about
messages containing a worm or virus with my email address in the "From"
line. One was well-meaning, the other accusatory.

When a worm or virus infects a computer, it commonly sends itself to
addresses in the victim's address book. It forges other addresses from
the address book into the "From" and "Reply-to" lines. One thing you can
*always* count on is that a spam, worm, or virus email *never* comes
from the location in the "From" or "Reply-to" lines of the header. If
you've gotten one which has my address in one or both those lines, it
means simply that both our addresses are in the victim's address book.

Senders of spam also *always* forge return addresses, and sometimes use
a genuine address they've gathered at random, or occasionally use one
purposefully as a means to harass someone. Some time ago, a major
spammer decided to use mine for a while, and I got about 100 bounce
messages per day for a couple of months as a result.

If you want to help stop the spread of the worm, go to
http://www.spamcop.net/anonsignup.shtml. Click the link labeled "Learn
more about what to report and what not to report to SpamCop" and read
the section about viruses. Then sign up to use their automated spam
tool. It's able to parse through a forged header and detect the true
origin of an email message. Follow the directions for "Viruses" at
http://www.spamcop.net/fom-serve/cache/125.html. This will notify the
ISP that one of their customers' machines is infected, and enable them
to identify which machine it is.

Because my email address appears in a lot of address books, I see
infections from time to time in the form of bounce messages resulting
from the worm being sent to invalid addresses. There was a particularly
bad one a while back on some German ham's machine which got me a lot of
bounce mail. This one is apparently in the machine of someone who reads
this newsgroup or at least has occasion to email some of the participants.

Roy Lewallen, W7EL
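
The post says a forged "From" line tells you nothing and that the true origin has to be read out of the rest of the header. The sketch below is an added example, not part of the original post and not SpamCop's code: it walks the "Received" lines from the top and trusts only those written by mail servers you name yourself. The host names, addresses and the `trusted_mtas` parameter are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: forged From/Reply-To plus a fake Received line planted
# below the genuine one. Names are invented; IPs are RFC 5737 documentation ranges.
SAMPLE = """\
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123;
\tSun, 26 Mar 2006 20:01:02 -0800
Received: from mail.forged.example ([192.0.2.10])
\tby relay.forged.example with SMTP; Sun, 26 Mar 2006 19:59:00 -0800
From: "Innocent Ham" <innocent@forged.example>
Reply-To: innocent@forged.example
To: reader@recipient.example
Subject: Mail Delivery (failure)

body
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def true_origin(raw, trusted_mtas):
    """Return (claimed_from, origin_ip).

    Received lines are prepended by each server, so the newest is on top.
    Only lines whose "by" host is one of our own servers are believed; the
    first line written by anyone else, and everything below it, is under
    the sender's control and may be fabricated.
    """
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    trusted = {h.lower() for h in trusted_mtas}
    origin = None
    for hdr in msg.get_all("Received", []):
        hdr = " ".join(hdr.split())          # unfold continuation lines
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() not in trusted:
            break                            # untrusted from here down
        # The connecting peer's IP sits in the "from" clause, before "by".
        ip = IP_RE.search(hdr[:by.start()])
        origin = ip.group(1) if ip else None
    return claimed, origin


if __name__ == "__main__":
    print(true_origin(SAMPLE, {"mx.recipient.example"}))
```

The address returned is the machine that handed the message to your own server, which is the one its ISP would need to be told about; the "From" address is returned only so the two can be compared.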