On Nov 17, 2006, at 9:43 AM, Douglas McAdam wrote:
If you ever get an email that tells you something that you are
curious if it is true or not... go right to the bottom of the email
and look for the closing sentence. If it is anything along the lines
of the one in your email like:
Pass this on to all your friends.
Then you know right away that the entire email is false and you can
throw it out and ignore it.
But, just for fun, lets break this down and prove why it is false.
I learned a computer trick today that's really ingenious in its
simplicity. As you may know, when/if a worm virus gets into your
computer it heads straight for your email address book, and sends
itself to everyone in there, thus infecting all your friends and
associates.
Bzzz... wrong. No worm in a long time has gone anywhere near the
address book. Instead it goes for the emails you have saved on your
computer. Inbox, Sent Mail, stored mail, any mail. It reads those
emails, extracts all possible email addresses and sends to those
addresses. This gives it a much larger pool of email addresses, and a
higher probability of getting valid addresses (because typically,
people's address books are out of date). It also does this, because
it needs to scan the emails already so it can put together a valid
sounding email (notice how worms these days all seem to come in with
darn near legit email text... that is because it pulls valid email
bodies to construct a new email). So why spend time dealing with an
address book, when you can get everything you need (and more) from
the emails themselves.
Now, here's what you've done and why it works:
The "name" "A" will be placed at the top of your address book as
entry#1.
This will be where the worm will start in an effort to send itself
to all
your friends.
But, when it tries to send itself to [EMAIL PROTECTED], it will be
undeliverable because of the phony email address you entered. If
the first attempt fails (which it will because of the phony
address), the worm goes no further and your friends will not be
infected.
Bzzz... wrong again. The worm doesn't care if an email is
undeliverable, in fact, they are specifically designed to not care
and ignore undeliverable addresses. They anticipate that a portion of
the addresses extracted for use will be undeliverable. So if it gets
one, it just moves on to the next email in the list without a care in
the world. Also, depending on the worm, it isn't even going to know
if an email is undeliverable. Some worms don't deliver directly to
the recipient mail server, they deliver to an intermediate mail
server (be it your ISP, or some other known open relay). If it
delivers to another server, the outbound mail will be accepted even
with a bad address, as there is no way to determine the address is
undeliverable at that stage. Worms that deliver directly to the
recipient (a growing number, and probably a large majority of them
these days), will know an address is bad, but it won't stop them.
They will just drop the connection and move on to the next email in
the list.
Here's the second great advantage of this method:
If an email cannot be delivered, you will be notified of this in
your In
Box almost immediately. Hence, if you ever get an email telling you
that an
email addressed [EMAIL PROTECTED] could not be delivered, you know
right away that you have the worm virus in your system.
Bzzz... I'm sorry, that's three strikes. No worm in a long time has
used your email address as the return address. They don't use your
address, because they want it to be hard to figure out who is the
infected person. If they used your address, then you would get these
bounce notices and you would be able to correct things (or you would
get calls from people you sent it to alerting you to the problem).
Rather, worms grab addresses at random from the list of addresses
extracted from your email, and it uses one of those as the return
address. So the new worm emails will all appear to come from someone
other than you, and all bounce messages due to undeliverable
addresses will go to them and not you.
So, the moral of this is, next time you get an email that says to
pass it on to everyone you know... don't. Just throw it out, it is
all lies.
-chris
<www.mythtech.net>
___________________________________________________________________________
To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to
<[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
