Wednesday, April 07, 2004

Attrition Security Rant: Anti-Virus Companies: Tenacious Spammers:
"For roughly three years, the Internet has seen worms that spread via e-mail, often taking addresses out of the infected machine's web cache, user address book or other sources. Some of these worms will also forge/spoof the 'From:' line so the mail appears to be from someone else, in an attempt to make the mail more 'trusted'. To be clear, here is a sample timeline of how these work:

EvilGuy01 writes and releases a new worm.

Fred is a moron and clicks on an attachment from a stranger, infecting his machine.

The worm mails a copy of itself to everyone in Fred's address book.

The mail sent out spoofs the headers of the mail so it may be 'From: George' or 'From: Sally'.

Tom gets a copy of the mail 'From: Sally' and clicks on the attachment, infecting himself.

Tom sends mail to Sally complaining about her evil shenanigans.

Sally replies to Tom with 'd00d WTF?! lol' since she never sent the mail."

How enterprise AV systems add to the Internet traffic

But wait, it gets worse. Even if friends and family understand that I likely did not send them a virus, some enterprise antivirus program with built-in return messages will state emphatically that I have a virus. Here's how that works: As the forged e-mail enters their enterprise system, that system bounces it back to the apparent sender with a message that authoritatively states, "You are infected with XXX virus." I have hundreds of these bounced e-mail messages claiming that I am infected with MyDoom.f, Netsky.d, or Bagle.c. I'm not.

In the middle of an e-mail virus outbreak, messages such as these--originally intended to provide a useful service--only add to the Internet traffic jam. Brian Martin, a.k.a. Jericho at Attrition.org, wrote a thorough critique of the current methods being used, complete with examples. His conclusion? System administrators need to turn off this "helpful" feature if they haven't already.

Unfortunately, the spoofing problem itself lies deep under the hood of the Internet, within SMTP, Simple Mail Transfer Protocol, the Internet protocol used for sending e-mail. SMTP was created many years ago and lacks a modern method for verifying the authenticity of the sender. With a little finesse, almost anyone can manipulate the header information on an e-mail message to disguise its true origin and make it appear as though someone else sent you a message.

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html?tag=adss

http://www.attrition.org/security/rant/av-spammers.html
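The bounce behaviour both passages describe, as an added example that is not from the Attrition rant, the ZDNet article or this post: a toy Python mail gateway compared under two policies. The naive policy accepts the worm-bearing message and then mails "You are infected" to the From: address, which is exactly the forged address, so the notice lands on an innocent third party. The corrected policy scans during the SMTP DATA phase and refuses the message in-session with a 5xx reply, so the only party told about the rejection is the connecting machine and no new mail is generated. The addresses, the message text and the "detection" (a worm is assumed to be any attachment with an executable extension) are all constructed for the illustration; a real gateway would use a proper scanner.

```python
"""
Added example: AV notification as backscatter.  Not code from Attrition,
ZDNet or this blog.  All addresses, messages and the attachment-extension
"signature" below are constructed for the illustration.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed worm mail: sent from Fred's infected machine, but both the
# header From: and (in the caller) the envelope sender are forged as Sally.
FORGED_MESSAGE = """\
From: Sally <sally@example.org>
To: tom@example.net
Subject: Hi
Content-Type: multipart/mixed; boundary="xx"

--xx
Content-Type: text/plain

see attached
--xx
Content-Type: application/octet-stream; name="document.pif"
Content-Disposition: attachment; filename="document.pif"

MZ_fake_worm_body
--xx--
"""

# Constructed clean mail for comparison.
CLEAN_MESSAGE = """\
From: Sally <sally@example.org>
To: tom@example.net
Subject: lunch?
Content-Type: text/plain

noon ok?
"""

# Assumed "signature": attachment extensions the 2004-era mail worms used.
WORM_EXTENSIONS = (".pif", ".scr", ".exe", ".bat")

NOTICE_SUBJECT = "You are infected with XXX virus."


def is_infected(msg: Message) -> bool:
    """Walk every MIME part; flag any attachment with a worm-style extension."""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(WORM_EXTENSIONS):
            return True
    return False


def naive_gateway(envelope_from: str, raw_message: str):
    """The behaviour the rant criticises.

    Accept the message (250), scan it afterwards, and mail a warning to the
    apparent sender.  Returns (smtp_reply, notifications); each notification
    is (recipient, subject).  Because the From: line is whatever the worm
    wrote, the recipient of the notice is the spoofed address, not Fred.
    """
    msg = message_from_string(raw_message)
    if not is_infected(msg):
        return ("250 OK", [])
    _, header_from = parseaddr(msg.get("From", ""))
    target = header_from or envelope_from
    return ("250 OK", [(target, NOTICE_SUBJECT)])


def strict_gateway(envelope_from: str, raw_message: str):
    """The fix: reject in-session and send nothing.

    The scan runs before the gateway replies to DATA.  A 5xx reply goes back
    over the open SMTP connection to the machine that delivered the worm, so
    no delayed notice is ever addressed to the forged sender.
    """
    msg = message_from_string(raw_message)
    if is_infected(msg):
        return ("550 5.7.1 Message rejected: contains a worm", [])
    return ("250 OK", [])


def notified_addresses(gateway, envelope_from: str, raw_message: str):
    """Who ends up receiving mail because of this delivery attempt."""
    _, notices = gateway(envelope_from, raw_message)
    return sorted({to for to, _ in notices})


if __name__ == "__main__":
    # The envelope sender is forged too; the worm controls both values.
    for name, gw in (("naive", naive_gateway), ("strict", strict_gateway)):
        reply, notices = gw("sally@example.org", FORGED_MESSAGE)
        print(f"{name:6} reply={reply!r} notices={notices}")
```

Running it shows the naive gateway answering `250 OK` and then queueing a notice to `sally@example.org`, who never sent anything, while the strict gateway answers `550` and queues nothing. The same reasoning applies to any auto-reply keyed off the sender of a message the filter has already decided is a worm: once the message is known to be forged, its sender field is by definition not a trustworthy place to send anything.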
