Strange email - virus?

Discussion in 'malware problems & news' started by Jonathan T, Mar 23, 2004.

Thread Status:
Not open for further replies.
  1. Jonathan T

    Jonathan T Guest

    I received this email today in the guise of an undeliverable email. I only recognise my email address in it, no others. I haven't corresponded with anyone listed in the header. I'm using XP, Pocomail, Kaspersky and Sygate and I seem to get a lot of infected emails recently, all of which are caught by Kaspersky AV and then deleted by me immediately. Any ideas what it is?

    ---------------------------------------------------------
    From:
    Mail Delivery System <MAILER-DAEMON@iwhome.com>

    Subject:
    Undelivered Mail Returned to Sender

    Date:
    Tue, 23 Mar 2004 07:38:34 -0700 (MST)

    To:
    <jonathan@yahoo****>

    This is the Postfix program at host iwhome.com.

    I'm sorry to have to inform you that the message returned
    below could not be delivered to one or more destinations.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the message returned below.

                            The Postfix program

    <golda@localhost>: data format error

    A T T A C H E D   F I L E S   I N L I N E   D I S P L A Y

    Attached text follows, filename: att25.txt


    Reporting-MTA: dns; iwhome.com
    Arrival-Date: Tue, 23 Mar 2004 07:38:30 -0700 (MST)
    Final-Recipient: rfc822; golda@localhost
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; data format error

    Attached message follows, filename: Attached message31.eml

    Received: from iwhome.com (unknown [160.99.53.201])
            by iwhome.com (Postfix) with ESMTP id BD2C4351158
            for <gberns@iwhome.com>; Tue, 23 Mar 2004 07:38:30 -0700 (MST)
    From: jonathan****@yahoo****
    To: gberns@iwhome.com
    Subject: Re: Re: Message
    Date: Tue, 23 Mar 2004 15:39:31 +0100
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
            boundary="----=_NextPart_000_0011_000050D8.00000479"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Message-Id: <20040323143830.BD2C4351158@iwhome.com>
    Your document is attached.


    PocoMail: Encoded attachments present, please open the message file:///C:\Program Files\PocoMail3\Attach\Attached message31.eml to view them:

    message_details.pif
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I would say this is a bounce from a mail sent to a Postfix mail server (Linux...) with a forged sender e-mail address (yours). Probably originated from a worm that used your email address. I would not bother.
    It looks like the worm was caught by a mail scanner at iwhome, since the attachment looks like the text message the mail scanner inserts in the email.

    btw: bounce means that the worm sent the message to a non-existing email account; the mail server replies to the presumed sender (i.e. you).
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    160.99.53.201: this IP is from a Yugoslavian university, does it look familiar to you?
    Further, the message says there is a message.txt attached, but it is not; a message_details.pif is attached.
    Might be the infection itself. So don't open that part by any means; you might like to look in the message source however and recognise the kind of code soon enough.
    Did you scan the message and attachment? You might like to carefully copy it outside the email and go to www.kaspersky.com/remoteviruschk.html and submit it there online to have an answer in just a few seconds what it is. If I do such things I make sure the attachment is either renamed to something which can't run, like adding .txt or .tmp to it, or zipped.

    Do you get many from the same sender or domains? Might be somebody else who has you in the address book is infected or harvested her/himself, etc. etc. Guess we all get this kind of bounces. It will stop if the infected senders clean out, or their systems crash if not cleaning soon enough. It might be that the "golda" in the header is harvested as well and not responsible for the bounce either.
    Frustrating part: you don't know who to block or to warn; only maybe the IP address might be real.
    Can only look at the things and try to keep clean, deleting them from your system as soon as possible and forwarding anything undetected but suspicious to the AV/AT developers to get expert advice where possible.
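The two replies above describe, in words, how to read such a bounce: it is backscatter from a worm that forged the recipient's address, the Received: line written by the bouncing MTA carries the real delivering IP, and the .pif attachment is the payload and should be renamed before it is handled. The following script is an added example, not code from this thread or from PocoMail or Postfix. It parses a DSN of the kind quoted above with the standard library, flattens the delivery-status fields, extracts HELO name, reverse DNS and IP from the topmost Received: header of the returned message, flags attachments Windows would execute, applies the rename Jooske suggests, and decides whether the bounce is backscatter. The sample message is constructed from the quoted headers; jonathan@yahoo.example stands in for the masked address, the base64 payload is a placeholder rather than worm bytes, and the relay list passed to triage_bounce is an assumption (in practice, the outbound servers of your own mail provider).

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample assembled from the headers quoted in this thread.
# jonathan@yahoo.example replaces the masked address (assumption); the
# MIME boundaries and base64 payload are placeholders, not worm bytes.
SAMPLE_BOUNCE = """\
From: Mail Delivery System <MAILER-DAEMON@iwhome.com>
To: <jonathan@yahoo.example>
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="DSN"

--DSN
Content-Type: text/plain

This is the Postfix program at host iwhome.com.
<golda@localhost>: data format error

--DSN
Content-Type: message/delivery-status

Reporting-MTA: dns; iwhome.com
Arrival-Date: Tue, 23 Mar 2004 07:38:30 -0700 (MST)

Final-Recipient: rfc822; golda@localhost
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; data format error

--DSN
Content-Type: message/rfc822

Received: from iwhome.com (unknown [160.99.53.201])
        by iwhome.com (Postfix) with ESMTP id BD2C4351158
        for <gberns@iwhome.com>; Tue, 23 Mar 2004 07:38:30 -0700 (MST)
From: jonathan@yahoo.example
To: gberns@iwhome.com
Subject: Re: Re: Message
Content-Type: multipart/mixed; boundary="INNER"

--INNER
Content-Type: text/plain

Your document is attached.

--INNER
Content-Type: application/octet-stream; name="message_details.pif"
Content-Disposition: attachment; filename="message_details.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==

--INNER--

--DSN--
"""

# Extensions Windows runs on double-click; .pif is the one in this thread.
EXECUTABLE_EXTENSIONS = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs")

# "from <HELO name> (<reverse DNS or 'unknown'> [<IP>])" as Postfix writes it.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[\d.]+)\]\)")


def delivery_status(msg: EmailMessage) -> dict:
    """Flatten the per-message and per-recipient blocks of the DSN part."""
    fields = {}
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one header block per recipient
                fields.update({k: str(v).strip() for k, v in block.items()})
    return fields


def returned_message(msg: EmailMessage):
    """The copy of the rejected message, if the MTA attached one."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def origin(inner: EmailMessage) -> dict:
    """Topmost Received: was written by the bouncing MTA itself, so its IP is
    the peer that really delivered the message, whatever From: claims."""
    match = RECEIVED_RE.search(str(inner["Received"] or ""))
    return match.groupdict() if match else {}


def executable_attachments(inner: EmailMessage) -> list:
    names = [p.get_filename() or "" for p in inner.iter_attachments()]
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTENSIONS)]


def defuse_filename(name: str) -> str:
    """Rename before saving so a stray double-click cannot run it."""
    return name + ".txt"


def triage_bounce(raw: str, my_address: str, my_relays=frozenset()) -> dict:
    """my_relays: IPs of the servers that legitimately send our mail (assumed)."""
    msg = email.message_from_string(raw, policy=policy.default)
    verdict = {"is_dsn": msg.get_content_type() == "multipart/report",
               "status": delivery_status(msg), "origin": {}, "claimed_sender": "",
               "executable_attachments": [], "helo_spoofs_receiver": False,
               "backscatter": False}
    inner = returned_message(msg)
    if inner is None:
        return verdict
    verdict["claimed_sender"] = str(inner["From"] or "").strip()
    verdict["origin"] = o = origin(inner)
    verdict["executable_attachments"] = executable_attachments(inner)
    reporting_mta = verdict["status"].get("Reporting-MTA", "").split(";")[-1].strip()
    # Worms often HELO as the victim's own domain; the MTA still logs the true IP.
    verdict["helo_spoofs_receiver"] = bool(o) and o["helo"].lower() == reporting_mta.lower()
    # Backscatter: the rejected mail claims to be from us but was handed in by a
    # host that is not one of our relays, so our address was forged.
    verdict["backscatter"] = (my_address.lower() in verdict["claimed_sender"].lower()
                              and bool(o) and o["ip"] not in my_relays)
    return verdict


if __name__ == "__main__":
    import json
    print(json.dumps(triage_bounce(SAMPLE_BOUNCE, "jonathan@yahoo.example"), indent=2))
```

Run against the sample, the verdict shows a real DSN (multipart/report, Status 5.0.0), a returned message claiming to be from the thread starter but delivered by 160.99.53.201 with no reverse DNS and a HELO name equal to the receiving domain, and a single executable attachment, message_details.pif, which is what backs the "forged sender, you are not infected" reading in the replies; only the topmost Received: line is trustworthy, anything below it could have been written by the worm.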
     
  4. Jonathan T

    Jonathan T Guest

    Thanks for the help. I don't recognise anything to do with the sender and up to now I haven't had an infected email from anyone I know; they've all been from strangers with an attachment named *something*.pif. My Kaspersky AV screams virus and it goes straight in the bin, as does any email from someone I don't know with subjects that have nothing to do with me and dodgy attachments.

    I assume if it's a bounced email with a forged address (mine) then it means I'm not infected?
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Jonathan,

    It does mean the bounced and forged email does not imply your system has been infected ;). Perform a full system scan nonetheless - it never hurts.

    regards,

    paul
     