e-Mail spoofing
E-mail spoofing is a technique commonly used for spam e-mail and phishing to
hide the origin of an e-mail message. This involves changing certain properties
of the e-mail, such as the From, Return-Path and Reply-To fields (which can be
found in the message header), to make the e-mail appear to be from someone
other than the actual sender.
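An added example, not part of the original guide: a Python sketch that extracts the sender domain from the From, Return-Path and Reply-To fields named above and reports the fields whose domain disagrees with From. The sample message and the function names are constructed for illustration, and a disagreement is only a hint, since mailing lists and forwarding services legitimately produce one.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the guide): three sender-related
# header fields that each point at a different domain.
SAMPLE = """\
Return-Path: <bounce@efgh.com>
From: "User3" <user3@ijkl.com>
Reply-To: user9@mnop.com
To: user2@efgh.com
Subject: hello

body
"""

FIELDS = ("From", "Return-Path", "Reply-To")


def header_domains(raw):
    """Map each sender-related field present in the header to its domain."""
    msg = message_from_string(raw)
    domains = {}
    for name in FIELDS:
        value = msg.get(name)
        if value is None:
            continue  # field absent from this message
        _, addr = parseaddr(value)
        _, sep, domain = addr.rpartition("@")
        # An empty Return-Path ("<>") is the null sender used by bounce
        # notices; record it as "" rather than treating it as a domain.
        domains[name] = domain.lower() if sep else ""
    return domains


def mismatches(raw):
    """Return (field, domain, from_domain) for fields that disagree with From."""
    domains = header_domains(raw)
    from_domain = domains.get("From", "")
    return [
        (name, dom, from_domain)
        for name, dom in domains.items()
        if name != "From" and dom and dom != from_domain
    ]


if __name__ == "__main__":
    for field, dom, from_dom in mismatches(SAMPLE):
        print(f"{field} domain {dom!r} differs from From domain {from_dom!r}")
```
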
As many spammers now use special software to create random sender addresses,
even if the user finds the origin of the e-mail it is unlikely that the e-mail
address will be active.
The technique is now used ubiquitously by mass-mailing worms, as a means of
concealing the origin of the propagation. On infection, worms such as ILOVEYOU,
Klez and Sober will often perform searches for e-mail addresses within a
Microsoft Outlook address book or similar, and use those addresses in the
From field of e-mails that they send, so that these e-mails appear to have
been sent by the third party. For example:
- User1 is sent an infected e-mail and then the e-mail is opened,
triggering propagation
- The worm finds the addresses of User2 and User3 within the
address book of User1
- From the computer of User1, the worm sends an infected e-mail to
User2, but the e-mail appears to have been sent from User3
This can be particularly problematic in a corporate setting, where e-mail is
sent to organisations with content filtering gateways in place. These gateways
are often configured with default rules that send reply notices for messages
that get blocked, so the example is often followed by:
- User2 doesn't receive the message, but instead gets a message
telling them that a virus sent to them has been blocked. User3
receives a message telling them that a virus sent by them has been blocked.
This creates confusion for both User2 and User3, while
User1 remains unaware of the actual infection.
Newer variants of these worms have built on this technique by randomising all
or part of the e-mail address. A worm can employ various methods to achieve
this, including:
- Random letter generation
- Built-in wordlists
- Amalgamating addresses found in address books, for example:
  - User1 triggers an e-mail address spoofing worm, and the worm
    finds the addresses user2@efgh.com, user3@ijkl.com and
    user4@mnop.com within the user's Outlook address book
  - The worm sends an infected message to user2@efgh.com, but the
    e-mail appears to have been sent from user3@mnop.com
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.