Spoofing occurs when a random entry in an address book, or other file, on an infected PC is selected by a Worm to act as the apparent 'sender' of messages destined for the inboxes of innocent users around the world. In the inboxes of these innocent PC users, this spoofed name appears on the 'From' line of email messages as sent by the infected PC. Rarely does the name on the email, meant to spread infection, indicate who the owner of the infected machine really might be.

A result of spoofing is that the randomly selected spoofed 'sender' will receive messages from administrators of domains around the world indicating that an email they sent could not be delivered for some reason. The spoofed sender did not actually send any messages. The administrator of the domain that received the infected messages does not know this and can only send a notice to the individual who is the most likely suspect: the person whose name is on the 'From' line of the infected email message.