Q

Can you give some specific information pertaining to how spoofed e-mail messages are achieved?

Can you be more specific with locating the information (on www.sarc.com) pertaining to how spoofed e-mail messages (your 6/19 post) are achieved?

The information I was referring to can be found in the "technical details" section of each virus' data sheet. For example, the following explanation of e-mail header spoofing can be found in the data sheet for the W32.Klez.H worm:

E-mail spoofing
This worm often uses a technique known as "spoofing." When it performs its e-mail routine, it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its e-mailing routine, it finds the e-mail address of Harold Logan. It inserts Harold's e-mail address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.

There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your e-mail address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send e-mail and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.

(source: http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html)

This was first published in June 2002

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close