email spoofing



Faulkner
Posts: 5132
Joined: Sun Mar 07, 2004 6:59 pm
Location: Upper Darby, PA

email spoofing

Post by Faulkner »

There's been a lot of discussion on the forum lately about folks getting emails they think came from someone they know. Often, these emails contain a link to a disreputable website.

The natural conclusion is that the computer of the person they know has been infected by a virus. Unfortunately, that's the (false) conclusion they reach *after* they click on the link, which may result in their own computer being infected with a worm or virus. This virus may set up shop on the newly infected computer, collecting credit card info or spontaneously launching websites advertising Viagra. It then attempts to trick other users into doing the same thing.

Everybody who uses an email client collects dozens, hundreds of email addresses on the way. These viruses exploit that fact. Imagine that Dick Koch once emailed a bunch of people including John Smith, who forwarded that email to Tom Jones. Tom gets another email "from" his buddy Sam Brown, with a link to a Russian website loaded with malware. Tom clicks on it and infects his computer. It decides to start spawning emails to addresses in Tom's computer, and "spoofs" as if the email came from Dick Koch. It's smart enough to figure out who Dick sent the original email to, and bombards them with emails in the hope they will think that Dick sent it. Some of the recipients fall for it, and click on the link... And the virus propagates.

Note that in this scenario, Dick's computer is oblivious to the spoof. It has not been "taken over", nor has Dick's email account. It has absolutely nothing to do with it. But without examining the email "headers", it's impossible to know exactly where the spoof originates.

Ron forwarded me one such email from this recent incident, and it appears it's coming from a computer in Fremont, California. It's possible to figure out who the service provider is for the computer, and ask them to contact their client to deal with the infection - but, it's not their responsibility. In fact, with so many unprotected computers out there, it's next to impossible to fix the problem.

The best you can hope to do is recognize from the form of a mysterious email - e.g., no text and a link to a Russian website (you can sometimes see the address if you hover over the link) - and delete it immediately. And never post email addresses on forums like this one - bots will pick them up and target them for spam. (Disguised addresses like dan at 59plymouth dot net are OK.)

...and finally, don't conclude because you get spam that appears to come from someone, that it actually originated with them. Often it's an attempt to take advantage of your willing suspension of disbelief.

For more information about spoofing, read here: http://en.wikipedia.org/wiki/Email_spoofing

Dan
"If it's new, Plymouth's got it!"
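Added example, not part of Dan's post: one way to examine the headers he mentions, using Python's standard `email` module to pull the earliest `Received` hop and compare the visible `From` domain with the `Return-Path` domain. The message, addresses and IPs below are constructed placeholders, and the `trace` and `domain` helper names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, domain and IP is a placeholder.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Mon, 1 Jan 2024 10:00:05 -0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mx.example.net with SMTP id xyz789; Mon, 1 Jan 2024 10:00:01 -0000
Return-Path: <bounce@bulk.example.com>
From: "Dick Koch" <dick@friend.example>
To: tom@example.org
Subject: check this out

http://malware.example/link
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain(addr):
    """Return the lower-cased domain part of an address header, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def trace(raw):
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Each relay prepends its own Received line, so the last one in the
    # list is the earliest hop. Lines added before your own provider's
    # servers can be forged, so treat the result as a lead, not proof.
    first = IP_RE.search(hops[-1]) if hops else None
    from_dom = domain(msg.get("From"))
    rp_dom = domain(msg.get("Return-Path"))
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "origin_ip": first.group(1) if first else None,
        "hop_count": len(hops),
        # The visible From is free text; a different envelope domain is a
        # common sign that the named sender did not send the message.
        "mismatch": bool(rp_dom) and rp_dom != from_dom,
    }

if __name__ == "__main__":
    print(trace(SAMPLE))
```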
Denver 59 Fin Convert
Posts: 2139
Joined: Tue May 16, 2006 10:57 pm
Location: Arvada, Colorado

Re: email spoofing

Post by Denver 59 Fin Convert »

Had no idea the level of spoofing and the degree these people go to.

Thanks Dan for the IT Scoop on things!

John Q.
John Quinn
Arvada, Colo
(NW suburb of Denver)

"Chrysler Corporation-Extra Care in Engineering"
http://www.flickr.com/photos/56963213@N ... 457983491/