nanog mailing list archives

Odd spam / virus - comments ?


From: "Peter Galbavy" <peter.galbavy () knowtion net>
Date: Tue, 26 Mar 2002 10:05:07 -0000


OK - As a knowledgeable bunch, maybe you lot can give me pointers.

A customer / friend phoned me last night saying that I sent him a virus by
e-mail. Now, I am far more careful than that - at least I hope. It turned
out that it wasn't me, but a forgery. Now, that is not unusual, but what is
unusual is that the recipient is someone I know.

I have come up with the following theories:

1. Clever virus distributor. Someone has e-mail address lists and is looking
up MX records for senders and recipients and then matching the two, on the
assumption that the MX for the recipient will accept mail from someone whose
mail transits the same system, and that there may be a level of 'trust' in
the recipient for a sender who uses the same MX relays.

2. Accident. It is just bizarre that someone is forging mail from me to
someone I know. But then I would be getting many more complaints from
complete strangers. I am not.

Anyone seen 1. in active use ?

Headers below - nothing confidential AFAIK - apart from e-mail addresses
that are already 'public'.

Peter

Return-path: <peter.galbavy () knowtion net>
Envelope-to: jason () somadata com
Delivery-date: Mon, 25 Mar 2002 16:56:14 +0000
Received: from acba293e.ipt.aol.com ([172.186.41.62] helo=Xvfem)
 by mailstore-1.mail.knowledge.com with smtp (Exim 3.33 #1)
 id 16pXl2-00003E-00
 for jason () somadata com; Mon, 25 Mar 2002 16:55:45 +0000
From: peter.galbavy <peter.galbavy () knowtion net>
To: jason () somadata com
Subject: Introduction on ADSL
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=Sy82oU85e2CI78a2nsl20
Message-Id: <E16pXl2-00003E-00 () mailstore-1 mail knowledge com>
Date: Mon, 25 Mar 2002 16:55:45 +0000
Status:
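
The anomalies visible in the headers above, checked in code. This is an added example, not part of the original post: the three heuristics and all function names are assumptions chosen for illustration, and the sample is the post's own header block with the archive's "user () domain tld" obfuscation left in.

```python
import re
from email import message_from_string

# Headers copied from the post; the archive's "user () domain tld"
# address obfuscation is left in and undone by deobfuscate().
SAMPLE = """\
Return-path: <peter.galbavy () knowtion net>
Received: from acba293e.ipt.aol.com ([172.186.41.62] helo=Xvfem)
 by mailstore-1.mail.knowledge.com with smtp (Exim 3.33 #1)
 id 16pXl2-00003E-00
 for jason () somadata com; Mon, 25 Mar 2002 16:55:45 +0000
From: peter.galbavy <peter.galbavy () knowtion net>
To: jason () somadata com
Subject: Introduction on ADSL
Message-Id: <E16pXl2-00003E-00 () mailstore-1 mail knowledge com>
Date: Mon, 25 Mar 2002 16:55:45 +0000

"""

# Exim-style hop: client name, client IP, HELO string, receiving host, queue id.
RECEIVED = re.compile(
    r"from (\S+) \(\[([\d.]+)\] helo=([^)\s]+)\)\s+by (\S+)\s.*?\sid (\S+)", re.S)

def deobfuscate(value):
    """Turn 'user () example net' (optionally inside <>) into 'user@example.net'."""
    inner = re.search(r"<([^>]*)>", value)
    text = (inner.group(1) if inner else value).strip()
    local, _, domain = text.partition(" () ")
    return f"{local}@{domain.replace(' ', '.')}"

def org_domain(host):
    # Naive assumption: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def forgery_signals(raw):
    """Return the heuristic signals raised by the first Received hop."""
    msg = message_from_string(raw)
    client, _ip, helo, by_host, queue_id = RECEIVED.search(msg["Received"]).groups()
    from_domain = deobfuscate(msg["From"]).split("@")[1]
    msgid_local, msgid_domain = deobfuscate(msg["Message-Id"]).split("@")
    signals = []
    if "." not in helo:                      # HELO is a bare token, not a hostname
        signals.append("helo-not-fqdn")
    if org_domain(client) != org_domain(from_domain):
        signals.append("client-domain-mismatch")
    # Message-Id built from the receiver's own queue id and hostname, so it was
    # stamped by the receiving server rather than supplied by the sending client.
    if msgid_local == "E" + queue_id and msgid_domain == by_host:
        signals.append("msgid-from-receiver")
    return signals
```

Each signal is weak on its own (legitimate dial-up clients also fail the domain check); it is the combination on a single hop that suggests the mail did not come from the sender's usual mail client.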

