Note: While this was written years ago, it's message is still timely.Email spoofing (Forgery) - Who really sent that email? (The latest scourge)
I can't believe it. I emailed a virus to myself. Why, you ask? Well, I don't know. I really don't remember doing it. In my sleep maybe? But I did send that virus. It says so right in the email. So I guess I am guilty, right? Don't be so sure...
It used to be that if someone emailed a virus to you, you emailed back and complained about their faulty virus software. Today you can't do that. The Klez virus (among others) has been wreaking chaos around the world by spoofing the email addresses it sends itself from. Rather than mail itself out using the address of the person infected, it takes a random name from the infected person's address book and mails itself out as that person. That makes it nearly impossible to figure out which infected person's machine sent that email to you. Norton Anti-Virus detected and deleted a total of 1,143 viruses sent to my email address from April 15, 2004 to May 25, 2004. That's not counting the spam, just the viruses. If you are using Outlook (Or Outlook Express) as your emailer of choice, you may want to consider something else. (Pegasus is completely free and Eudora (now open source) has a free version. If you like Outlook, Bloomba (not free) may be for you.) 98% of the viruses out there are written to run through Outlooks address book. Are we saying that Outlook is a bad program? Absolutely not (Even though we've never used it). It's just that since most people use it, it's a logical target for spammers and hackers to attack.
Haven't heard from your friends in a while? If you use any type of spam software (such as the highly recommended Mailwasher) you should be carefull not to blacklist yourself or your friends by mistake! If an email has something in the title that is obvious spam (viagra, cheap software, etc.) you may just automatically hit "blacklist". But it may have your friends email address on it! Check your filters often to make sure your friends can get through to you. Mailwasher makes it really simple to do.
Global Business Partnership will NEVER send out blind emails. Nor will any of it's members. If you get anything unwanted from anyone from the gbp.net domain address, you can be certain it wasn't sent by anyone here.
From Symantec's web site:
"This worm often uses a technique known as "spoofing." When it performs its email routine it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else."
How can you avoid becoming infected with such a virus? It's simple. First, never ever ever open an attachment received via email if you didn't know it was coming. Put the email in question is a separate folder, then email the person back and ask them what it is. You are as likely to receive an email virus from someone you do know as you are from someone you don't know. The reason for this is because nearly all email virus's spread by mailing themselves out to everyone in your address book. Of course, the newer generations are just looking for open ports. That's a whole different ball park. You should have a firewall set up. If you don't have a router, try the free version of Zone Alarm for protection.
It's imperative that you get a good, updated anti-virus program and scan every program you download before you run it. We use and recommend ESET NOD32 Antivirus ESETThey have a free trial. Or you can choose Grisoft's AVG . A good free program with a pretty good reputation as well. (They also have a paid version)
!!! But remember, even with a good, updated, anti-virus program, you are still open for new viruses. When a new one is released, the companies have to find it and fix it before their program can nullify it. That could take days... or even longer. That's why doing a full systems scan frequently is imperative. You could have gotten one before your anti-virus program vendor even knew about it, let alone patched it. Once it's discovered and fixed by your anti-virus company, the full system scan can find it and fix it.
And that's not all.
Compounding the problem, it's not always a virus that causes you to receive an email from someone who didn't actually send it. There are plenty of people with far too much time on their hands sending emails out to people and spoofing the return address. Why do they do this you ask? Well, aside from the obvious viagra, etc. peddlers, there are many possible reasons. Some of them are simply trying to cause trouble. Some people would like to discredit the person being spoofed by sending some truly vile message to the recipient, an insult to the boss perhaps. It's the same mentality you see in people who knock on your front door and then run before you can answer it.
Sometimes email spoofing is used to do what hackers call "social engineering". (aka "Phishing") You get an email from your web site's administrator, or from your ISP. The email asks you to go to a web page and enter your password, or to get you to change your password to one of their choosing. You might receive an email that asks for detailed information on a secret company project which appears to come from your boss, but instead comes from your company's competitor. Many well-known companies are daily victims of email spoofing, either accidentally with a virus, or deliberately. Lavasoft, for example, is a common victim of email spoofing.
On May 28, 2004, a New York state man who sent out millions of "spam" e-mails was sentenced to 3-1/2 to seven years in prison, the state attorney general's office said. Howard Carmack, known as the "Buffalo Spammer," received the maximum sentence for 14 counts of identity theft and forgery. He was also fined over 16 MILLION dollars by earthlink. His ISP. You would think that other spammers would take notice.
There is really no way to prevent receiving a spoofed email. If you get an odd-looking email from someone, there are ways of telling if it is fake. The simplest way would be to simply reply to it and ask for clarification. If that is not an option, you could look at the headers to see where the email originated from. You should also exercise some common sense. If the email is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, find out if it really is "from" the person it says it's "from".
So, in a nutshell... Email is broken. Badly. Some ISP's do some filtering for you, but that has come to the point where it only compounds the problem. Every day, more and more messages seem to get "lost". Just a few short years ago it was virtually impossible to lose email with a reliable ISP. Email was their top priority. Could be a number of reasons, of course, but much of it is because the email is being deleted as spam before it even gets to you. There's simply too much junk coming through for any ISP to handle effectively. And, it's to the point where you need to open virtually every email you get just to make sure it's spam.
But wait. Where do they get my email address from?Easy. Even if you don't have a virus, if your email address is anywhere on the web there are programs spammers use to collect it and sell it to others. It's big business. These programs just scour the web for email addresses. That's the most common way. However, there are other ways.
Ever send an ecard to a friend? Many (if not most) of these companies are nothing more than spam farms. Even some of the pay ones. You enter your email address and the one of your friend you are sending a card to. They got you. And your friend.
Did you sign up for a company that screens your email? They have your email address. And anyone who responds to their "authorization" email gives them theirs as well.
But are all these companies spam farms? No, of course not. But telling the good from the bad is virtually impossible so it's probably a good idea to just avoid them all.
So, in a nutshell, be careful about who you give your email address to (and your friends).
Some links for more Information...
- http://www.cert.org/tech_tips/email_spoofing.html
- http://www.cert.org/advisories/CA-1996-21.html
- http://www.lse.ac.uk/itservices/help/spamming&spoofing.htm
- http://www.mailsbroadcast.com/email.broadcast.faq/46.email.spoofing.htm
Home