Security Basics mailing list archives
RE: Email address spoof
From: "Davis, Christopher - IT Security" <chrisdavis () ti com>
Date: Thu, 8 Apr 2004 06:42:58 +0530
Here's a couple examples: Favorite is from Purdue: <http://admin2.soe.purdue.edu/support/emailstuff/email_virus/> ABOUT Email Spoofing Viruses Q: Why do I keep getting returned email messages and complaints from people that I am sending infected email messages that I did not send??? A: The MyDoom and Klez email viruses, and variants, use random email addresses from an infected computer's address book in the FROM and TO fields of messages the virus sends. Most likely the virus on someone else's computer has found your email address in an address book and used it in the FROM field as the virus replicates itself via email. The messages look like they came from you, but they did not. This is called email spoofing. The insecure nature of email easily enables anyone to assume anyone else's email identity. Not to worry, however. If your Purdue anti-virus software has not complained about a virus on your computer, and you have not opened an email attachment, chances are good that your computer is not infected and you can tell people "it wasn't me who sent you that email message, it was someone pretending to be me in a parallel universe". Or something like that. J An overview of email spoofing from CERT: http://www.cert.org/tech_tips/email_spoofing.html News articles explaining more about email spoofing: http://reviews.cnet.com/4520-3513_7-5128949-1.html http://antivirus.about.com/library/weekly/aa042502a.htm --- Or according to Symantec: Alex is using a computer that is infected with W32.Klez.H@mm. Alex is either not using an anti-virus program or does not have current virus definitions. Both Beth and Chris have sent email to Alex in the past. When W32.Klez.H@mm performs its emailing routine, it finds the email addresses of Beth and Chris. It inserts Beth's email address into the "From" field of an infected message. It adds Chris's name to the "To" field and then sends the infected email to Chris. Chris then contacts Beth and complains that she sent him an infected message, but when Beth scans her computer, Norton Anti-Virus does not find anything--as would be expected--because her computer is not infected. Regards, Chris -----Original Message----- From: Benny Late [mailto:lvmygop () hotmail com] Sent: Wednesday, April 07, 2004 2:17 PM To: security-basics () lists securityfocus com Subject: Email address spoof Does anyone know of a good paper or source for an "user" explanation of email spoofing? Need to explain to a group of users what is happneing and why? Many thanks, Benny _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee(r) Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Email address spoof Benny Late (Apr 07)
- Re: Email address spoof Brad Arlt (Apr 08)
- <Possible follow-ups>
- RE: Email address spoof Davis, Christopher - IT Security (Apr 08)
- RE: Email address spoof Benny Late (Apr 08)
- RE: Email address spoof Bob Tupper (Apr 08)