[Ansteorra] My ID stolen from elsewhere

Muirchu Faolon at plaiddragon.net
Wed Mar 10 04:11:39 PST 2004

Yes, makes perfect sense; however, it has become increasingly popular for
virus junkies and script kiddies to use the method I have described,
since most ISPs are merely reactive in trying to stop them.

All this aside, if someone wishes to create a "where did my email come
from list" I'm sure all of us network analysts, system administrators,
and Internet security people would love to have someone to talk to.


-----Original Message-----
From: ansteorra-bounces at ansteorra.org
[mailto:ansteorra-bounces at ansteorra.org] On Behalf Of Michael Tucker
Sent: Tuesday, March 09, 2004 5:59 PM
To: Kingdom of Ansteorra - SCA, Inc.
Subject: Re: [Ansteorra] My ID stolen from elsewhere

On Tuesday, March 9, 2004, at 05:27  PM, Muirchu wrote:

> All said is true, however, in this case I believe the culprit to have
> spoofed via internet. By this I mean, whoever did this simply
> captured an address from some internet email server, spoofed the
> identity and initiated the virus. As it seems to change originator from
> each infected server (possibly even ISP) it does not have to necessarily
> infect your computer to spoof you (pretend to be you). As yet I have not
> been able to track any virus which uses this method but I would
> that your computer doesn't have to be infected for these type of virus
> to spoof you.
> Faolon

Actually, Faolon, it isn't that complicated. It's all driven by the 
email address book of an infected computer.

Suppose that Bob's computer gets infected. Suppose that Bob has 
Marsha's email address (along with a few hundred others) in the address 
book on his computer. The virus, running on Bob's computer, will then 
send a message to everyone in Bob's address book, pretending to be from 
any of those addresses (except Bob).

So, if you are in Bob's address book, you'd get a message possibly 
pretending to be from Marsha. Marsha might get a message pretending to 
be from this list (ansteorra at ansteorra.org). This list might get a 
message pretending to be from the Yahoo! server. The Yahoo! server 
might get a message pretending to be from you. And so on.

The point is, none of the pretend "from" addresses are genuine. They're 
real addresses, alright; but that's not where the message is coming 
from. They're coming from the virus running on Bob's computer.

Make sense?

Michael Silverhands

Ansteorra mailing list
Ansteorra at ansteorra.org
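
Added example, not part of either message above: a defender's way to see that many different "From" addresses trace back to one infected machine, by reading the connecting IP from the Received line written by your own mail server instead of trusting the From header. The server name mx.example.org, the addresses, the IPs and the Received layout are constructed assumptions, and the sketch assumes the infected machine delivers directly to that server.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = {"mx.example.org"}  # assumption: the server that accepted the mail for us
HOP = re.compile(r"from\s+\S+\s+\(.*?\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>[^\s;]+)", re.S)

def make(ip, sender, forged=""):
    """Build one constructed message; the genuine hop is always the top Received line."""
    return (f"Received: from pc (unknown [{ip}]) by mx.example.org with SMTP;"
            " Tue, 9 Mar 2004 17:01:00 -0600\n"
            f"{forged}From: {sender}\nTo: me@example.org\nSubject: hi\n\nbody\n")

# A Received line the sender wrote itself, pointing at someone else's network.
FAKE = ("Received: from mail (mail [203.0.113.9]) by mx.example.org with SMTP;"
        " Tue, 9 Mar 2004 16:59:00 -0600\n")

SAMPLES = [  # constructed: three spoofed senders from one host, one ordinary message
    make("192.0.2.44", "marsha@example.net"),
    make("192.0.2.44", "list@example.org", forged=FAKE),
    make("192.0.2.44", "you@example.com"),
    make("198.51.100.7", "carol@example.com"),
]

def connecting_ip(raw):
    """IP recorded by the top-most trusted hop; lower Received lines may be forged."""
    for hop in message_from_string(raw).get_all("Received", []):
        m = HOP.search(hop)
        if m and m.group("by") in TRUSTED_MX:
            return m.group("ip")
    return None

def spoof_sources(raws, threshold=3):
    """Map each connecting IP to the From addresses it used, if at least `threshold`."""
    by_ip = defaultdict(set)
    for raw in raws:
        ip = connecting_ip(raw)
        if ip:
            by_ip[ip].add(parseaddr(message_from_string(raw)["From"])[1])
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= threshold}

if __name__ == "__main__":
    for ip, senders in spoof_sources(SAMPLES).items():
        print(ip, "claimed to be", ", ".join(senders))
```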