Our website uses cookies to store information on your computer. You may delete and block all cookies from this site, but parts of the site will not work as a result. Find out more about how we use cookies.
(Do not show this message again)
Shout99 - News matters for freelancers
Search Shout99 - News matters for freelancers
(Advanced Search)
   Join Shout99  About Shout99   Sitemap   Contact Shout99 18th Jan 2018
Forgot your password?
Shout99 - Freelancers, FO35, Section 660
New Users Click Here
Shout99 - Freelancers, FO35, Section 660
Shout99 - Freelancers, FO35, Section 660
Front Page
News...
Freelancers' Shop...
Ask an Expert...
Letters
Direct Contracts
Press Links
Question Time
The Clubhouse
Conference Hall...
  EBT Discussion
News from Partners
Accountants

Login
Sitemap

Business Links

Shout99 - Freelancers, FO35, Section 660
  
Shout99 - Freelancers, FO35, Section 660

News for the
Construction Industry

Hardhatter.com - News for small businesses in the construction industry

Powered by
Powered by Novacaster
"You've Got Viruses!"
by Simon Banton at 07:55 25/03/04 (Conference Papers)
A short article outlining how to understand your email a little better.(Note for the more technical - don't think I'm overlooking the distinction between 'From' address and the 'Envelope Return Address' in what follows, I'm not. To keep things simpler, I'm using the term 'From' address throughout).
'From' addresses can be faked

Don't assume that an email is really from the address listed in the 'From' line. 'From' addresses are so easily faked they are practically worthless as a means of positive ID.

A typical trick is for spammers and virus authors - and these two groups are now synonymous - is to get a victim's compromised machine to scan itself for anything that looks like an email address.

The virus software looks in the victim's address book, any locally cached web pages and their email archive amongst other places, extracting and remembering the email addresses it finds.

It then starts sending out virus-laden email to the addresses it's found, faking the 'From' address as it goes.

In order to try and trap the unwary, the virus on the sending machine is clever enough to try to use 'To' and 'From' addresses in permutations that a recipient might believe.

So if the victim ever in the past received a legitimate email to victim@domain.com from me@mydomain.com the virus will probably try sending itself to me@mydomain.com with a faked 'From' address of victim@domain.com - hoping that I will mistake it for a genuine message.

Should I be worried?

If you start getting a load of complaints that you're sending spam or viruses to people, there are a couple of possible reasons:

1) You really are doing it.

2) You're not, but the 'From' address on the email the other people got has been faked to be your address, and they're just replying blindly to what they believe is the real sender.

Many automated virus scanning programs bounce infected mail back to the apparent originator, with an alert that the mail wasn't delivered because it was infected. Unfortunately, since most (all?) of these automated systems seem to rely on the 'From' address being genuine, all that happens is they squirt useless alerts at the wrong target. Ironic eh?

I want to complain/inform...

OK, so you've got anti-virus software installed, it's up to date and you've had an alert pop up saying such and such an email was infected with some virus or other.

If you really want to do something about it (other than junk the infected email and forget about it), you'll need to know a lot more about email than this little article is going to tell you.

You'll need to know how to get at the full email header lines, be able to understand what they are telling you, know which of these headers can be faked and which can't, and then know how to track down the actual originator so you can tell them their machine is compromised.

Conclusion

As long as 'From' addresses can be faked and people (and software) don't fully appreciate this fact, we'll all get email from time to time that claims either we're infected, or our email system is infected, or that we're bad people for sending spam.

Whether we really are or not depends on the measures we each take to protect our individual systems from being compromised by the real culprits.

Originally published on community.novacaster.com

--
Simon Banton
Webmaster, Shout99.com

View Comments (Flat Mode) Printer Version
Mail this to a friend
"You've Got Viruses!" Simon Banton - 25/03
    Good article Laserjet - 25/03
    Forged Domain Name Spam richard-s - 26/03
       A major headache Simon Banton - 26/03
    "'From' addresses can be faked... pF - 27/03
       Re: "'From' addresses can be f... mwelbank - 2/04
          The Clients' Choice pF - 17/04
    Re: "You've Got Viruses!" Simon Banton - 7/04
 
Copyright 1999-2015, Shout99.com | All Rights Reserved | Legal Notice