Re: [fw-wiz] To spoof or not to spoof???? That is the question....
From: Matt Dunn (matt.dunn_at_gmail.com)
Date: 07/30/04
- Previous message: Jim Seymour: "Re: [fw-wiz] To spoof or not to spoof???? That is the question...."
- In reply to: InHisGrip: "[fw-wiz] To spoof or not to spoof???? That is the question...."
- Next in thread: Kevin Sheldrake: "Re: [fw-wiz] To spoof or not to spoof???? That is the question...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: servie_platon@yahoo.com
Date: Thu, 29 Jul 2004 23:55:48 -0400
On Thu, 29 Jul 2004 13:14:17 -0700 (PDT), InHisGrip
<servie_platon@yahoo.com> wrote:
<snip>
> Now, right now it happened again, like I received an
> email with an attachment coming from myself and sent to
> my address also, which is infected with this worm
> variant.
>
> My question is, since this worm has happened before
> and I checked the security updates/howtos from
> symantec and mcafee.... I checked and found that my
> client PCs were not infected and clean.
>
> I was just wondering why this happened again?
The e-mail you were getting this week was most likely from MyDoom.M.
From McAfee's description of the virus:
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Do not assume that the sender address is an indication that the sender is
infected. Additionally you may receive alert messages from a mail server
that you are infected, which may not be the case.
The From: address may be spoofed with a harvested email address.
Additionally, it may be constructed so as to appear as a bounce, using
the following addresses:
* mailer-daemon@(target_domain)
* noreply@(target_domain)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
In this day and age, the From, To and CC headers in an e-mail are
altogether useless for tracing anything. If you're interested in
tracking an e-mail, the Received headers (usually hidden by the
client) are still fairly reliable, but are certainly not immune to
spoofing. Beyond that, since there are typically several hops that an
individual message takes to get from Alice to Bob, it's very difficult
to be at all certain about its history, etc.
> Since this has happened again, I have decided to use
> gnupg for all my machines in the future.
Unless you require everybody you correspond with to also use GPG/PGP
in a secure fashion (i.e. no automated process should be able to
access anyone's private key), and convince your mail service to
summarily delete anything that's not signed by a trusted sender, I
don't think GPG is going to help you with this situation.
That said, it's worth using anyway for a multitude of other reasons,
and if you happen to figure out a way to implement the scenario I laid
out above in a practical way, my hat's off to you: you'll make a
fortune.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
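As an added illustration of the point about Received headers above (example code, not from the original post or the list), the following Python walks a constructed header chain top-down and stops believing it at the first hop not stamped "by" an MTA we administer; every Received: line below that point was already inside the message when it arrived and is therefore only the sender's claim. Host names and addresses are made up.

```python
import re

# Constructed sample, not a real capture: a worm mail whose From: is the
# recipient's own address, with a bottom Received: line forged by the sender
# to make it look as if the victim's own server originated the message.
SAMPLE_HEADERS = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id k3J2x1
\tfor <alice@example.net>; Thu, 29 Jul 2004 13:14:17 -0700 (PDT)
Received: from unknown (HELO example.net) ([198.51.100.7])
\tby mx1.example.net with SMTP; Thu, 29 Jul 2004 13:14:10 -0700 (PDT)
Received: from mail.example.net (mail.example.net [192.0.2.5])
\tby example.net with ESMTP; Thu, 29 Jul 2004 13:13:00 -0700 (PDT)
From: alice@example.net
To: alice@example.net
"""

# MTAs we run (assumed names). Only Received: lines stamped "by" one of these
# are records we made; every line below them arrived inside the message.
TRUSTED_MTAS = {"mail.example.net", "mx1.example.net"}

HOP_RE = re.compile(r"^from\s+(\S+)(.*?)\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(raw):
    """Return the Received: hops top-down (newest first) as dicts."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded header lines
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = HOP_RE.match(line.split(":", 1)[1].strip())
        if m:
            ip = IP_RE.search(m.group(1) + m.group(2))
            hops.append({"from": m.group(1), "ip": ip.group(1) if ip else None,
                         "by": m.group(3).rstrip(";").lower()})
    return hops


def trace(raw, trusted=TRUSTED_MTAS):
    """Return (peer IP of the last hop we can vouch for, count of unverifiable hops)."""
    hops = parse_received(raw)
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            # From here down the chain is the sender's claim, not our record.
            return (hops[i - 1]["ip"] if i else None), len(hops) - i
    return (hops[-1]["ip"] if hops else None), 0
```

For the sample, the last verifiable peer is 198.51.100.7 (the host that handed the message to mx1.example.net), and the bottom hop claiming to come from mail.example.net is counted as unverifiable.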