RE: Email address spoof

From: Benny Late (lvmygop_at_hotmail.com)
Date: 04/08/04

  • Next message: Cl Clay: "Re: Education and Security"
    To: chrisdavis@ti.com
    Date: Thu, 08 Apr 2004 08:57:53 -0500
    
    

    Thanks to all for the great responses. I'll put them into play.

    B

    >From: "Davis, Christopher - IT Security" <chrisdavis@ti.com>
    >To: Benny Late <lvmygop@hotmail.com>
    >CC: security-basics@lists.securityfocus.com
    >Subject: RE: Email address spoof
    >Date: Thu, 8 Apr 2004 06:42:58 +0530
    >
    >Here's a couple examples:
    >
    >Favorite is from Purdue:
    ><http://admin2.soe.purdue.edu/support/emailstuff/email_virus/>
    >
    >ABOUT Email Spoofing Viruses
    >
    >Q: Why do I keep getting returned email messages and complaints from
    >people that I am sending infected email messages that I did not send???
    >
    >A: The MyDoom and Klez email viruses, and variants, use random email
    >addresses from an infected computer's address book in the FROM and TO
    >fields of messages the virus sends. Most likely the virus on someone
    >else's computer has found your email address in an address book and used
    >it in the FROM field as the virus replicates itself via email. The
    >messages look like they came from you, but they did not. This is called
    >email spoofing. The insecure nature of email easily enables anyone to
    >assume anyone else's email identity. Not to worry, however. If your
    >Purdue anti-virus software has not complained about a virus on your
    >computer, and you have not opened an email attachment, chances are good
    >that your computer is not infected and you can tell people "it wasn't me
    >who sent you that email message, it was someone pretending to be me in a
    >parallel universe". Or something like that. J
    >
    >An overview of email spoofing from CERT:
    >http://www.cert.org/tech_tips/email_spoofing.html
    >
    >News articles explaining more about email spoofing:
    >http://reviews.cnet.com/4520-3513_7-5128949-1.html
    >http://antivirus.about.com/library/weekly/aa042502a.htm
    >
    >---
    >
    >Or according to Symantec:
    >
    >Alex is using a computer that is infected with W32.Klez.H@mm. Alex is
    >either not using an anti-virus program or does not have current virus
    >definitions. Both Beth and Chris have sent email to Alex in the past.
    >When W32.Klez.H@mm performs its emailing routine, it finds the email
    >addresses of Beth and Chris. It inserts Beth's email address into the
    >"From" field of an infected message. It adds Chris's name to the "To"
    >field and then sends the infected email to Chris. Chris then contacts
    >Beth and complains that she sent him an infected message, but when Beth
    >scans her computer, Norton Anti-Virus does not find anything--as would
    >be expected--because her computer is not infected.
    >
    >Regards,
    >
    >Chris
    >
    >
    >-----Original Message-----
    >From: Benny Late [mailto:lvmygop@hotmail.com]
    >Sent: Wednesday, April 07, 2004 2:17 PM
    >To: security-basics@lists.securityfocus.com
    >Subject: Email address spoof
    >
    >
    >Does anyone know of a good paper or source for an "user" explanation of
    >email spoofing? Need to explain to a group of users what is happneing
    >and
    >why?
    >
    >Many thanks,
    >Benny
    >
    >_________________________________________________________________
    >Is your PC infected? Get a FREE online computer virus scan from
    >McAfee(r)
    >Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
    >
    >
    >------------------------------------------------------------------------
    >---
    >Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
    >off
    >any course! All of our class sizes are guaranteed to be 10 students or
    >less
    >to facilitate one-on-one interaction with one of our expert instructors.
    >
    >Attend a course taught by an expert instructor with years of
    >in-the-field
    >pen testing experience in our state of the art hacking lab. Master the
    >skills
    >of an Ethical Hacker to better assess the security of your organization.
    >
    >Visit us at:
    >http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    >------------------------------------------------------------------------
    >----
    >

    _________________________________________________________________
    MSN Toolbar provides one-click access to Hotmail from any Web page FREE
    download! http://toolbar.msn.com/go/onm00200413ave/direct/01/

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Cl Clay: "Re: Education and Security"