Educause Security Discussion mailing list archives

spoofed addresses?

From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Fri, 30 Apr 2004 16:28:20 -0500

Please tell me I'm not the only one...  We're getting a LOT of NDR's and blocked message receipts from different hosts 
and all sorts of weird things.  Typically they are messages carrying viruses circulating with our email addresses in 
the 'from' field.  See (scrubbed) message threads below.

I have scanned all suspected machines and never find any viruses or spyware or anything weird.   I've done scanning on 
the internal network, checked for vulnerabilities on all the servers and it doesn't seem like we're causing the 
problem.   My only assumption at this point is that our addresses are being spoofed. 

I see messages like these once a week.  Right now I can show my manager what isn't happening, but is there any way I 
can verify if the address is being spoofed?  Can I stop it?   Is there any hope?  I'm attempting to appease senior 
managers with black and white evidence so any insight would be appreciated.


Jake Barros



-----Original Message-----
From: (grace employee)
Sent: Friday, April 30, 2004 8:08 AM
To: Helpdesk
Subject: FW: Fax Message Received

Is this virus different? (Rhetorical. no response needed)  

I've never before had students respond asking if I sent the message to them. Several have responded.

It's really damaging my credibility!

(grace employee)
 

-----Original Message-----
From: (grace student)
Sent: Friday, April 30, 2004 1:04 AM
To: (grace employee) - Health Center
Subject: FW: Fax Message Received

(grace employee),
I was about to open your attachment when I realized it was named the same thing as the virus that has been 
circulating campus.  Then I realized that this really isn't like all the other e-mails you send to students.  
Did you really mean to send this?

(grace student)

        -----Original Message----- 
        From: (grace employee)
        Sent: Wed 4/28/2004 9:28 PM 
        To: (grace student)
        Cc: 
        Subject: Fax Message Received

        More info is in attach
        



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

spoofed addresses? Barros, Jacob (Apr 30)
- <Possible follow-ups>
- Re: spoofed addresses? Brent Sweeny (Apr 30)
- Re: spoofed addresses? Craig W. Drake (Apr 30)
- Re: spoofed addresses? Gary Flynn (Apr 30)
- Re: spoofed addresses? Bruggeman, John (May 01)