[Ansteorra] My ID stolen from elsewhere

Michael Tucker mtucker at airmail.net
Tue Mar 9 15:59:00 PST 2004

On Tuesday, March 9, 2004, at 05:27  PM, Muirchu wrote:

> All said is true, however, in this case I believe the culprit to have
> spoofed via internet. By this I mean, whoever did this simply
> captured an address from some internet email server, spoofed the
> identity and initiated the virus. As it seems to change originator from
> each infected server (possibly even ISP) it does not have to necessarily
> infect your computer to spoof you (pretend to be you). As yet I have not
> been able to track any virus which uses this method but I would caution
> that your computer doesn't have to be infected for these types of virus
> to spoof you.
> Faolon

Actually, Faolon, it isn't that complicated. It's all driven by the 
email address book of an infected computer.

Suppose that Bob's computer gets infected. Suppose that Bob has 
Marsha's email address (along with a few hundred others) in the address 
book on his computer. The virus, running on Bob's computer, will then 
send a message to everyone in Bob's address book, pretending to be from 
any of those addresses (except Bob).

So, if you are in Bob's address book, you'd get a message possibly 
pretending to be from Marsha. Marsha might get a message pretending to 
be from this list (ansteorra at ansteorra.org). This list might get a 
message pretending to be from the Yahoo! server. The Yahoo! server 
might get a message pretending to be from you. And so on.

The point is, none of the pretend "from" addresses are genuine. They're 
real addresses, alright; but that's not where the message is coming 
from. They're coming from the virus running on Bob's computer.

Make sense?

Michael Silverhands
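
The following is an added example, not part of the original post: it shows how a recipient can tell where such a message really came from by reading the `Received` line written by their own mail server instead of the `From` line. The message, host names, addresses, the `true_origin` helper and the trusted server name `mx.list.example.org` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): reserved example domains and
# documentation IP ranges. The bottom Received line is one the sender made up.
SAMPLE = """\
Return-Path: <marsha@example.org>
Received: from mx.list.example.org (localhost [127.0.0.1])
\tby mailbox.list.example.org with ESMTP id A1; Tue, 9 Mar 2004 15:01:02 -0800
Received: from bobs-pc (dsl-45.isp.example.net [203.0.113.45])
\tby mx.list.example.org with SMTP id B2; Tue, 9 Mar 2004 15:01:00 -0800
Received: from mail.example.org ([198.51.100.7])
\tby bobs-pc with SMTP; Tue, 9 Mar 2004 15:00:00 -0800
From: "Marsha" <marsha@example.org>
To: list@list.example.org
Subject: Re: your document

See the attached file.
"""

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def true_origin(raw, trusted_mx):
    """Return what our own mail server recorded about the connecting host.

    Only the Received line written by trusted_mx is believed; the From
    header and any Received lines below that hop are sender-controlled.
    """
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    domain = claimed.rpartition("@")[2]
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())              # unfold continuation lines
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() != trusted_mx:
            continue
        src = FROM_RE.search(hop)
        if not src:
            return None
        helo, rdns, ip = src.groups()
        rdns = (rdns or "").lower()
        # Heuristic only: does the connecting host belong to the From domain?
        seen = bool(domain) and (rdns == domain or rdns.endswith("." + domain))
        return {"claimed_from": claimed, "helo": helo, "rdns": rdns,
                "ip": ip, "from_domain_seen": seen}
    return None
```

For the sample, the `From` line names Marsha, but the hop recorded by the receiving server points at a DSL host that has nothing to do with her domain.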
