[Ansteorra] My ID stolen from elsewhere
Faolon at plaiddragon.net
Wed Mar 10 04:11:39 PST 2004
Yes makes perfect since, however it has become increasingly popular for
virus junkies and script kiddies to use the method I have described
Since most ISP's are merely reactive in trying to stop them.
All this aside, if someone wishes to create a "where did my email come
from list" I'm sure all of us network analyst, system administrators,
and Internet security people would love to have some one to talk too..
From: ansteorra-bounces at ansteorra.org
[mailto:ansteorra-bounces at ansteorra.org] On Behalf Of Michael Tucker
Sent: Tuesday, March 09, 2004 5:59 PM
To: Kingdom of Ansteorra - SCA, Inc.
Subject: Re: [Ansteorra] My ID stolen from elsewhere
On Tuesday, March 9, 2004, at 05:27 PM, Muirchu wrote:
> All said is true, however, in this case I believe the culprit to have
> have spoof via internet. By this I mean, who ever did this simply
> captured an address from some internet email server, spoofed the
> indentity and initiated the virus. As it seems to change originator
> each infected server (possibly even ISP) it does not have to
> infect your computer to spoof you. (pretend to be you) as yet I have
> been able to track any virus which uses this method but I would
> that your computer doesn't have to be infected for these type of virus
> to spoof you.
Actually, Faolon, it isn't that complicated. It's all driven by the
email address book of an infected computer.
Suppose that Bob's computer gets infected. Suppose that Bob has
Marsha's email address (along with a few hundred others) in the address
book on his computer. The virus, running on Bob's computer, will then
send a message to everyone in Bob's address book, pretending to be from
any of those addresses (except Bob).
So, if you are in Bob's address book, you'd get a message possibly
pretending to be from Marsha. Marsha might get a message pretending to
be from this list (ansteorra at ansteorra.org). This list might get a
message pretending to be from the Yahoo! server. The Yahoo! server
might get a message pretending to be from you. And so on.
The point is, none of the pretend "from" addresses are genuine. They're
real addresses, alright; but that's not where the message is coming
from. They're coming from the virus running on Bob's computer.
Ansteorra mailing list
Ansteorra at ansteorra.org
More information about the Ansteorra