Educause Security Discussion mailing list archives

Re: spoofed addresses?


From: Brent Sweeny <sweeny () INDIANA EDU>
Date: Fri, 30 Apr 2004 16:41:29 -0500

Yes, you're not the only one.
If you can get full headers of the sent messages from the recipients,
you may be able not only to show that they were spoofed, but perhaps
also find out what addresses they originated from (if that part of the
header wasn't also spoofed).

On Fri, Apr 30, 2004 at 04:28:20PM -0500, Barros, Jacob wrote:
Please tell me I'm not the only one...  We're getting a LOT of NDRs and blocked message receipts from different 
hosts and all sorts of weird things.  Typically they are messages carrying viruses circulating with our email 
addresses in the 'from' field.  See (scrubbed) message threads below.

I have scanned all suspected machines and never find any viruses or spyware or anything weird.   I've done scanning 
on the internal network, checked for vulnerabilities on all the servers and it doesn't seem like we're causing the 
problem.   My only assumption at this point is that our addresses are being spoofed.

I see messages like these once a week.  Right now I can show my manager what isn't happening, but is there any way I 
can verify if the address is being spoofed?  Can I stop it?   Is there any hope?  I'm attempting to appease senior 
managers with black and white evidence so any insight would be appreciated.


Jake Barros



-----Original Message-----
From: (grace employee)
Sent: Friday, April 30, 2004 8:08 AM
To: Helpdesk
Subject: FW: Fax Message Received

Is this virus different? (Rhetorical. No response needed)

I've never before had students respond asking if I sent the message to them. Several have responded.

It's really damaging my credibility!

(grace employee)


-----Original Message-----
From: (grace student)
Sent: Friday, April 30, 2004 1:04 AM
To: (grace employee) - Health Center
Subject: FW: Fax Message Received

(grace employee),
I was about to open your attachment when I realized it was named the same thing as the virus that has been
circulating campus.  Then I realized that this really isn't like all the other e-mails you send to students.
Did you really mean to send this?

(grace student)

        -----Original Message-----
        From: (grace employee)
        Sent: Wed 4/28/2004 9:28 PM
        To: (grace student)
        Cc:
        Subject: Fax Message Received

        More info is in attach

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
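
Added example, not part of the original thread: one way to apply the full-headers check suggested in the reply above. It walks the Received: lines from the newest hop down and reports the peer IP recorded by the oldest hop the recipient's own servers wrote, ignoring anything below that as possibly forged. The sample message, hostnames, addresses and the 198.51.100.0/24 "our network" range are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (hostnames and addresses are made up): full headers of a
# virus message whose From: line claims our domain, as saved by a recipient.
SAMPLE = """\
Received: from mx1.recipient.example (mx1.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Wed, 28 Apr 2004 21:28:40 -0500
Received: from pc-home (dsl-77.isp.example [203.0.113.77])
\tby mx1.recipient.example with SMTP id B2; Wed, 28 Apr 2004 21:28:31 -0500
Received: from mail.ourcollege.example ([198.51.100.5])
\tby pc-home with SMTP; Wed, 28 Apr 2004 21:28:00 -0500
From: employee@ourcollege.example
To: student@recipient.example
Subject: Fax Message Received

More info is in attach
"""

# "from <helo> (<rdns> [<peer ip>]) ... by <recording host>"
RECEIVED_RE = re.compile(r"from\s+\S+\s+\([^\[\)]*\[([0-9.]+)\]\).*?\bby\s+(\S+)", re.S)

def true_origin(raw, trusted_hosts):
    """Peer IP recorded by the oldest hop we trust, or None."""
    msg = email.message_from_string(raw)
    origin = None
    for hdr in msg.get_all("Received", []):        # newest hop is listed first
        m = RECEIVED_RE.search(hdr)
        if not m or m.group(2).lower() not in trusted_hosts:
            break   # below this point the sender could have written anything
        origin = ipaddress.ip_address(m.group(1))
    return origin

def is_ours(ip, our_networks):
    """True if ip lies inside one of our own mail networks."""
    return any(ip in ipaddress.ip_network(n) for n in our_networks)

if __name__ == "__main__":
    trusted = {"mailstore.recipient.example", "mx1.recipient.example"}
    ip = true_origin(SAMPLE, trusted)
    print("handed to recipient's server by:", ip)
    print("inside our network:", is_ours(ip, ["198.51.100.0/24"]))
```

In the sample, the bottom Received: line names our mail server but was written by the sending machine itself, so it is skipped; the address that counts is the one the recipient's MX recorded.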
