Ask the Expert

Can you give some specific information pertaining to how spoofed e-mail messages are achieved?

Can you be more specific with locating the information (on www.sarc.com) pertaining to how spoofed e-mail messages (your 6/19 post) are achieved?

    Requires Free Membership to View

The information I was referring to can be found in the "technical details" section of each virus' data sheet. For example, the following explanation of e-mail header spoofing can be found in the data sheet for the W32.Klez.H worm:

E-mail spoofing
This worm often uses a technique known as "spoofing." When it performs its e-mail routine, it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its e-mailing routine, it finds the e-mail address of Harold Logan. It inserts Harold's e-mail address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.

There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your e-mail address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send e-mail and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.

(source: http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html)

This was first published in June 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: