Some viruses/worms work by sending out e-mail by picking random addresses from the machine's address book and populating the To: and From: fields. Somebody with your wife's address in their address book (or she has an address the worm happened to ramdomly generate) has an infected machine that sent out e-mail using her address as the From: address. The To: address was invalid, so when the target e-mail server went to send an auto-response, it sent it back to the apparent sender, the one in the From: field.
It happened to me a couple years ago (although slightly different; the notifications I got were from the antivirus software on the target's e-mail server, telling me a message I sent [which I hadn't] had a virus). Fortunately there was enough information in the headers to track down the machine that sent it, and I could notify the person who owned that machine.
She can most likely safely ignore that message. And, of course, don't open the zip file; it's likely a copy of the sent message got bounced back, virus and all. |
