Home page logo
/

basics logo Security Basics mailing list archives

RE: Email address spoof
From: "Benny Late" <lvmygop () hotmail com>
Date: Thu, 08 Apr 2004 08:57:53 -0500

Thanks to all for the great responses.  I'll put them into play.

B


From: "Davis, Christopher - IT Security" <chrisdavis () ti com>
To: Benny Late <lvmygop () hotmail com>
CC: security-basics () lists securityfocus com
Subject: RE: Email address spoof
Date: Thu, 8 Apr 2004 06:42:58 +0530

Here's a couple examples:

Favorite is from Purdue:
<http://admin2.soe.purdue.edu/support/emailstuff/email_virus/>

ABOUT Email Spoofing Viruses

Q: Why do I keep getting returned email messages and complaints from
people that I am sending infected email messages that I did not send???

A: The MyDoom and Klez email viruses, and variants, use random email
addresses from an infected computer's address book in the FROM and TO
fields of messages the virus sends.  Most likely the virus on someone
else's computer has found your email address in an address book and used
it in the FROM field as the virus replicates itself via email.  The
messages look like they came from you, but they did not.  This is called
email spoofing.  The insecure nature of email easily enables anyone to
assume anyone else's email identity.  Not to worry, however.  If your
Purdue anti-virus software has not complained about a virus on your
computer, and you have not opened an email attachment, chances are good
that your computer is not infected and you can tell people "it wasn't me
who sent you that email message, it was someone pretending to be me in a
parallel universe".  Or something like that.  J

An overview of email spoofing from CERT:
http://www.cert.org/tech_tips/email_spoofing.html

News articles explaining more about email spoofing:
http://reviews.cnet.com/4520-3513_7-5128949-1.html
http://antivirus.about.com/library/weekly/aa042502a.htm

---

Or according to Symantec:

Alex is using a computer that is infected with W32.Klez.H () mm  Alex is
either not using an anti-virus program or does not have current virus
definitions. Both Beth and Chris have sent email to Alex in the past.
When W32.Klez.H () mm performs its emailing routine, it finds the email
addresses of Beth and Chris. It inserts Beth's email address into the
"From" field of an infected message. It adds Chris's name to the "To"
field and then sends the infected email to Chris. Chris then contacts
Beth and complains that she sent him an infected message, but when Beth
scans her computer, Norton Anti-Virus does not find anything--as would
be expected--because her computer is not infected.

Regards,

Chris


-----Original Message-----
From: Benny Late [mailto:lvmygop () hotmail com]
Sent: Wednesday, April 07, 2004 2:17 PM
To: security-basics () lists securityfocus com
Subject: Email address spoof


Does anyone know of a good paper or source for an "user" explanation of
email spoofing?  Need to explain to a group of users what is happneing
and
why?

Many thanks,
Benny

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from
McAfee(r)
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE download! http://toolbar.msn.com/go/onm00200413ave/direct/01/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault