| E-mail Spoofing |
Article Index for |
Information AboutE-mail Spoofing |
| CATEGORIES ABOUT E-MAIL SPOOFING | |
| internet terminology | |
| spamming | |
| hoaxes | |
|
METHODS As many spammers now use special software to create random sender addresses, even if the user finds the origin of the e-mail it is unlikely that the e-mail address will be active. The technique is now used ubiquitously by Mass-mailing Worm s as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU , Klez and Sober will often try to perform searches for e-mail addresses within the address book of a mail client, and use those addresses in the ''From'' field of e-mails that they send, so that these e-mails appear to have been sent by the third party. For example: : ''User1'' is sent an infected e-mail and then the e-mail is opened, triggering propagation : The worm finds the addresses of ''User2'' and ''User3'' within the address book of ''User1'' : From the computer of ''User1'', the worm sends an infected e-mail to ''User2'', but the e-mail appears to have been sent from ''User3'' This can be particularly problematic in a corporate setting, where e-mail is sent to organisations with Content Filter ing gateways in place. These gateways are often configured with default rules that send reply notices for messages that get blocked, so the example is often followed by: User2 Newer variants of these worms have built on this technique by randomising all or part of the e-mail address. A worm can employ various methods to achieve this, including:
SEE ALSO EXTERNAL LINKS CERT Tech Tip - Spoofed/Forged Emails |
|
|