[Ansteorra] My ID stolen from elsewhere
mtucker at airmail.net
Tue Mar 9 15:59:00 PST 2004
On Tuesday, March 9, 2004, at 05:27 PM, Muirchu wrote:
> All said is true, however, in this case I believe the culprit to have
> have spoof via internet. By this I mean, who ever did this simply
> captured an address from some internet email server, spoofed the
> indentity and initiated the virus. As it seems to change originator
> each infected server (possibly even ISP) it does not have to
> infect your computer to spoof you. (pretend to be you) as yet I have
> been able to track any virus which uses this method but I would caution
> that your computer doesn't have to be infected for these type of virus
> to spoof you.
Actually, Faolon, it isn't that complicated. It's all driven by the
email address book of an infected computer.
Suppose that Bob's computer gets infected. Suppose that Bob has
Marsha's email address (along with a few hundred others) in the address
book on his computer. The virus, running on Bob's computer, will then
send a message to everyone in Bob's address book, pretending to be from
any of those addresses (except Bob).
So, if you are in Bob's address book, you'd get a message possibly
pretending to be from Marsha. Marsha might get a message pretending to
be from this list (ansteorra at ansteorra.org). This list might get a
message pretending to be from the Yahoo! server. The Yahoo! server
might get a message pretending to be from you. And so on.
The point is, none of the pretend "from" addresses are genuine. They're
real addresses, alright; but that's not where the message is coming
from. They're coming from the virus running on Bob's computer.
More information about the Ansteorra