Hey man, I wouldn’t worry too much about someone trying to impersonate ya... it’s just a virus : )
I received an email from a spoofed sender, containing an attachment called "your_details.zip" which contained a *.pif file. My computer is configured to open any files with unknown extensions in Wordpad, so I double-clicked on the PIF file to see what it contained. Little did I know, Windows uses PIF as a pseudo-executable format, and it turned out to be a virus, the W32/Sobig.e@MM worm to be exact. It extracted itself into a file called winssk32.exe in my Windows directory, and started running.
You can read the details and removal instructions here:
http://vil.mcafee.com/dispVirus.asp?virus_k=100429
But basically, it’s just one of those annoying worms that doesn’t do anything but replicate. It scans text documents on your PC, looking for any email addresses it can find. It then uses its own built-in mail-sending engine to send itself to those addresses, and usually creates a fake From: address.
However, the scary aspect of this one is that it listens on UDP ports 995 and 999, presumably waiting for instructions to do some actual damage to your computer... or more likely, to launch massively coordinated zombie attacks on some big, important server somewhere on the net.
So the fix is, update your antivirus software and do a full system scan, or download the "Stinger" tool from the above URL, which will remove it for you. I opened the Task Manager and stopped the winssk32.exe process, then deleted the file, did a full system scan, and finally ran nmap from my linux box to make sure that nothing was listening on ports 995 or 999.
Of course, if you were smart and deleted the email, instead of opening the zip file and running the PIF inside it as I did, then you don’t have to worry.
