[Ansteorra] My ID stolen from elsewhere

Michael Tucker mtucker at airmail.net
Tue Mar 9 15:59:00 PST 2004


On Tuesday, March 9, 2004, at 05:27  PM, Muirchu wrote:

> All said is true, however, in this case I believe the culprit to have
> spoofed via internet. By this I mean, whoever did this simply
> captured an address from some internet email server, spoofed the
> identity and initiated the virus. As it seems to change originator
> from each infected server (possibly even ISP) it does not have to
> necessarily infect your computer to spoof you (pretend to be you). As
> yet I have not been able to track any virus which uses this method but
> I would caution that your computer doesn't have to be infected for
> this type of virus to spoof you.
>
> Faolon
>

Actually, Faolon, it isn't that complicated. It's all driven by the 
email address book of an infected computer.

Suppose that Bob's computer gets infected. Suppose that Bob has 
Marsha's email address (along with a few hundred others) in the address 
book on his computer. The virus, running on Bob's computer, will then 
send a message to everyone in Bob's address book, pretending to be from 
any of those addresses (except Bob).

So, if you are in Bob's address book, you'd get a message possibly 
pretending to be from Marsha. Marsha might get a message pretending to 
be from this list (ansteorra at ansteorra.org). This list might get a 
message pretending to be from the Yahoo! server. The Yahoo! server 
might get a message pretending to be from you. And so on.

The point is, none of the pretend "from" addresses are genuine. They're 
real addresses, alright; but that's not where the message is coming 
from. They're coming from the virus running on Bob's computer.

Make sense?

Yours,
Michael Silverhands
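
The following is an added example, not part of the original post: a header check a recipient could run to see that the "From" address and the machine that actually submitted the message do not match, as in the Bob/Marsha scenario above. The sample message, all host names and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims Marsha, but the earliest Received hop
# (the bottom one) shows the message entering the mail system from Bob's ISP.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby mail.you.example with ESMTP; Tue, 9 Mar 2004 15:40:02 -0800
Received: from bobs-pc (dsl-17.bobs-isp.example [198.51.100.17])
\tby mx.list.example with SMTP; Tue, 9 Mar 2004 15:40:00 -0800
From: Marsha <marsha@marshas-isp.example>
To: you@you.example
Subject: Re: your document

see attachment
"""

# "from <helo> (<reverse-dns> [<ip>])" as recorded by the receiving server.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def origin_hop(msg):
    """Return (helo, rdns, ip) of the earliest parseable Received hop, or None."""
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(header.split()))  # unfold continuation lines
        if m:
            return m.groups()
    return None

def base_domain(host):
    """Last two labels only (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(raw):
    """Compare the claimed From domain with the host that submitted the mail."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2]
    hop = origin_hop(msg)
    if hop is None or not from_domain:
        return {"from": from_addr, "origin": None, "mismatch": None}
    _helo, rdns, ip = hop
    return {"from": from_addr, "origin": (rdns, ip),
            "mismatch": base_domain(rdns) != base_domain(from_domain)}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A mismatch is a triage signal rather than proof, since forwarders and mailing lists legitimately relay mail for other domains, and only the Received lines added by servers you trust are reliable.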



