RE: Email address spoof

["Davis, Christopher - IT Security" <chrisdavis () ti com>]

Here's a couple examples:

Favorite is from Purdue:
<http://admin2.soe.purdue.edu/support/emailstuff/email_virus/>

ABOUT Email Spoofing Viruses

Q: Why do I keep getting returned email messages and complaints from
people that I am sending infected email messages that I did not send???

A: The MyDoom and Klez email viruses, and variants, use random email
addresses from an infected computer's address book in the FROM and TO
fields of messages the virus sends.  Most likely the virus on someone
else's computer has found your email address in an address book and used
it in the FROM field as the virus replicates itself via email.  The
messages look like they came from you, but they did not.  This is called
email spoofing.  The insecure nature of email easily enables anyone to
assume anyone else's email identity.  Not to worry, however.  If your
Purdue anti-virus software has not complained about a virus on your
computer, and you have not opened an email attachment, chances are good
that your computer is not infected and you can tell people "it wasn't me
who sent you that email message, it was someone pretending to be me in a
parallel universe".  Or something like that.  J

An overview of email spoofing from CERT:
http://www.cert.org/tech_tips/email_spoofing.html 

News articles explaining more about email spoofing:
http://reviews.cnet.com/4520-3513_7-5128949-1.html 
http://antivirus.about.com/library/weekly/aa042502a.htm

---

Or according to Symantec: 

Alex is using a computer that is infected with W32.Klez.H@mm. Alex is
either not using an anti-virus program or does not have current virus
definitions. Both Beth and Chris have sent email to Alex in the past.
When W32.Klez.H@mm performs its emailing routine, it finds the email
addresses of Beth and Chris. It inserts Beth's email address into the
"From" field of an infected message. It adds Chris's name to the "To"
field and then sends the infected email to Chris. Chris then contacts
Beth and complains that she sent him an infected message, but when Beth
scans her computer, Norton Anti-Virus does not find anything--as would
be expected--because her computer is not infected. 

Regards,

Chris


-----Original Message-----
From: Benny Late [mailto:lvmygop () hotmail com] 
Sent: Wednesday, April 07, 2004 2:17 PM
To: security-basics () lists securityfocus com
Subject: Email address spoof


Does anyone know of a good paper or source for an "user" explanation of 
email spoofing?  Need to explain to a group of users what is happneing
and 
why?

Many thanks,
Benny

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from
McAfee(r) 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------