[Ansteorra] My ID stolen from elsewhere
Muirchu
Faolon at plaiddragon.net
Wed Mar 10 04:11:39 PST 2004
Yes, makes perfect sense; however, it has become increasingly popular for
virus junkies and script kiddies to use the method I have described
already, since most ISPs are merely reactive in trying to stop them.
All this aside, if someone wishes to create a "where did my email come
from list" I'm sure all of us network analysts, system administrators,
and Internet security people would love to have someone to talk to.
Faolon
-----Original Message-----
From: ansteorra-bounces at ansteorra.org
[mailto:ansteorra-bounces at ansteorra.org] On Behalf Of Michael Tucker
Sent: Tuesday, March 09, 2004 5:59 PM
To: Kingdom of Ansteorra - SCA, Inc.
Subject: Re: [Ansteorra] My ID stolen from elsewhere
On Tuesday, March 9, 2004, at 05:27 PM, Muirchu wrote:
> All said is true, however, in this case I believe the culprit to have
> spoofed via internet. By this I mean, whoever did this simply
> captured an address from some internet email server, spoofed the
> identity and initiated the virus. As it seems to change originator
> from each infected server (possibly even ISP) it does not have to
> necessarily infect your computer to spoof you (pretend to be you).
> As yet I have not been able to track any virus which uses this
> method but I would caution that your computer doesn't have to be
> infected for this type of virus to spoof you.
>
> Faolon
>
Actually, Faolon, it isn't that complicated. It's all driven by the
email address book of an infected computer.
Suppose that Bob's computer gets infected. Suppose that Bob has
Marsha's email address (along with a few hundred others) in the address
book on his computer. The virus, running on Bob's computer, will then
send a message to everyone in Bob's address book, pretending to be from
any of those addresses (except Bob).
So, if you are in Bob's address book, you'd get a message possibly
pretending to be from Marsha. Marsha might get a message pretending to
be from this list (ansteorra at ansteorra.org). This list might get a
message pretending to be from the Yahoo! server. The Yahoo! server
might get a message pretending to be from you. And so on.
The point is, none of the pretend "from" addresses are genuine. They're
real addresses, alright; but that's not where the message is coming
from. They're coming from the virus running on Bob's computer.
Make sense?
Yours,
Michael Silverhands
_______________________________________________
Ansteorra mailing list
Ansteorra at ansteorra.org
http://www.ansteorra.org/mailman/listinfo/ansteorra
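Added example, not part of the original messages: a short Python sketch of the "where did my email come from" check discussed in this thread, comparing the claimed From address with the host that actually handed the message to the recipient's mail server. The sample message, host names, IP addresses and the `origin_report` function are all constructed for illustration, and the Received-line pattern covers only the common `from HELO (rdns [ip]) by host` layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all hosts and IPs are made up): a worm on Bob's PC
# connects straight to the recipient's server, forges Marsha's address in
# From, and adds a fake Received line of its own to muddy the trail.
SAMPLE = """\
Received: from bobs-pc (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP id CONSTRUCTED1
\tfor <you@recipient.example>; Tue, 9 Mar 2004 17:02:11 -0600
Received: from mail.marsha.example (mail.marsha.example [192.0.2.10])
\tby bobs-pc with SMTP; Tue, 9 Mar 2004 17:01:59 -0600
From: Marsha <marsha@marsha.example>
To: you@recipient.example
Subject: Re: your document

see attachment
"""

HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def origin_report(raw, trusted_mtas):
    """Compare the claimed From with the client seen by our own server."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Received lines are prepended, so the list is newest first. Only hops
    # stamped by servers we run are trustworthy; the sender wrote the rest.
    trusted = []
    for helo, rdns, ip, by in hops:
        if by.lower() not in trusted_mtas:
            break
        trusted.append((helo, rdns, ip))
    if not trusted:
        return None
    helo, rdns, ip = trusted[-1]  # the client that handed the mail to us
    domain = claimed.rpartition("@")[2]
    host = (rdns or helo).lower()
    return {
        "claimed_from": claimed,
        "connecting_ip": ip,
        "connecting_host": host,
        "untrusted_hops": len(hops) - len(trusted),
        # A mismatch is a hint, not proof: legitimate mail is often relayed.
        "host_matches_from_domain": host == domain or host.endswith("." + domain),
    }

if __name__ == "__main__":
    print(origin_report(SAMPLE, {"mx.recipient.example"}))
```

The connecting IP recorded by the recipient's own server is the part to take to an ISP's abuse desk; the From address and any Received lines below that hop were supplied by the sender.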