[Ansteorra] My ID stolen from elsewhere
Michael Tucker
mtucker at airmail.net
Tue Mar 9 15:59:00 PST 2004
On Tuesday, March 9, 2004, at 05:27 PM, Muirchu wrote:
> All said is true, however, in this case I believe the culprit to have
> to
> have spoof via internet. By this I mean, who ever did this simply
> captured an address from some internet email server, spoofed the
> indentity and initiated the virus. As it seems to change originator
> from
> each infected server (possibly even ISP) it does not have to
> necessarily
> infect your computer to spoof you. (pretend to be you) as yet I have
> not
> been able to track any virus which uses this method but I would caution
> that your computer doesn't have to be infected for these type of virus
> to spoof you.
>
> Faolon
>
Actually, Faolon, it isn't that complicated. It's all driven by the
email address book of an infected computer.
Suppose that Bob's computer gets infected. Suppose that Bob has
Marsha's email address (along with a few hundred others) in the address
book on his computer. The virus, running on Bob's computer, will then
send a message to everyone in Bob's address book, pretending to be from
any of those addresses (except Bob).
So, if you are in Bob's address book, you'd get a message possibly
pretending to be from Marsha. Marsha might get a message pretending to
be from this list (ansteorra at ansteorra.org). This list might get a
message pretending to be from the Yahoo! server. The Yahoo! server
might get a message pretending to be from you. And so on.
The point is, none of the pretend "from" addresses are genuine. They're
real addresses, alright; but that's not where the message is coming
from. They're coming from the virus running on Bob's computer.
Make sense?
Yours,
Michael Silverhands
More information about the Ansteorra
mailing list