RE: Email address spoof

["Benny Late" <lvmygop () hotmail com>]

Thanks to all for the great responses.  I'll put them into play.

B


> From: "Davis, Christopher - IT Security" <chrisdavis () ti com>
> To: Benny Late <lvmygop () hotmail com>
> CC: security-basics () lists securityfocus com
> Subject: RE: Email address spoof
> Date: Thu, 8 Apr 2004 06:42:58 +0530
>
> Here's a couple examples:
>
> Favorite is from Purdue:
> <http://admin2.soe.purdue.edu/support/emailstuff/email_virus/>
>
> ABOUT Email Spoofing Viruses
>
> Q: Why do I keep getting returned email messages and complaints from
> people that I am sending infected email messages that I did not send???
>
> A: The MyDoom and Klez email viruses, and variants, use random email
> addresses from an infected computer's address book in the FROM and TO
> fields of messages the virus sends.  Most likely the virus on someone
> else's computer has found your email address in an address book and used
> it in the FROM field as the virus replicates itself via email.  The
> messages look like they came from you, but they did not.  This is called
> email spoofing.  The insecure nature of email easily enables anyone to
> assume anyone else's email identity.  Not to worry, however.  If your
> Purdue anti-virus software has not complained about a virus on your
> computer, and you have not opened an email attachment, chances are good
> that your computer is not infected and you can tell people "it wasn't me
> who sent you that email message, it was someone pretending to be me in a
> parallel universe".  Or something like that.  J
>
> An overview of email spoofing from CERT:
> http://www.cert.org/tech_tips/email_spoofing.html
>
> News articles explaining more about email spoofing:
> http://reviews.cnet.com/4520-3513_7-5128949-1.html
> http://antivirus.about.com/library/weekly/aa042502a.htm
>
> ---
>
> Or according to Symantec:
>
> Alex is using a computer that is infected with W32.Klez.H@mm. Alex is
> either not using an anti-virus program or does not have current virus
> definitions. Both Beth and Chris have sent email to Alex in the past.
> When W32.Klez.H@mm performs its emailing routine, it finds the email
> addresses of Beth and Chris. It inserts Beth's email address into the
> "From" field of an infected message. It adds Chris's name to the "To"
> field and then sends the infected email to Chris. Chris then contacts
> Beth and complains that she sent him an infected message, but when Beth
> scans her computer, Norton Anti-Virus does not find anything--as would
> be expected--because her computer is not infected.
>
> Regards,
>
> Chris
>
>
> -----Original Message-----
> From: Benny Late [mailto:lvmygop () hotmail com]
> Sent: Wednesday, April 07, 2004 2:17 PM
> To: security-basics () lists securityfocus com
> Subject: Email address spoof
>
>
> Does anyone know of a good paper or source for an "user" explanation of
> email spoofing?  Need to explain to a group of users what is happneing
> and
> why?
>
> Many thanks,
> Benny
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from
> McAfee(r)
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
>
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE 
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------