On Sat, 2002-04-20 at 22:05, Pierre Fortin wrote:
> On Sat, 20 Apr 2002 21:00:29 -0500 Jason Guidry <[EMAIL PROTECTED]>
> wrote:
> 
> > It looks like someone has decided that I don't have enough headaches and
> > has started sending me viri.  Normally this would not bother me, but the
> > problem is that the from line shows my email address on my website 
> > <[EMAIL PROTECTED]>!
> 
> Spoofing by spammer(?) at 66.24.19.151 (syr-66-24-19-151.twcny.rr.com).
>  

I have received several of these types of infected email (W32/Klez.e@MM)
coming to a win2000 box on my network. Pierre is correct in his
assumption about spoofing being done. It appears that the virus code
does the spoofing. This code generates an email, with the virus file
attached, and this email is then sent. This email, the one generated by
the offending machine, is created as though I am the originator, which I
am clearly not. This is where the spoofing comes to be a part of the
process.

Now, here is the question for Pierre or any others that might have some
thoughts on this. In my investigation of this matter, I have made the
following observations:

The only logical way that the offending machine would know to use my
address (spoofing) as the originator is that this person/machine is
using some variation of Outlook, such as Outlook Express or Outlook
(W32/Klez.e@MM only works with versions of MS Outlook), and this means
that my address is in that person/machine's address book, i.e. someone
that knows me or at least has my address in their address book, is
responsible for sending this virus email that has my address as the
originator. It could be that this person/machine is *not* aware that
this is occurring but this is nonetheless how it all got started.

Would like to see some thoughts on this logic (sanity check)...     

aka Dr John,
The Night Tripper
-- 
J. Craig Woods
UNIX/NT Network/System Administration

-Art is the illusion of spontaneity-
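
An added example, not part of the original message: since the From line in these mails is forged, the usable evidence of origin is the Received header written by your own mail server. The sketch below walks the Received chain of a constructed sample message and reports the first connecting IP that is not one of your own relays; the addresses, host names and the `TRUSTED_RELAYS` set are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not taken from the thread): forged From, real relay path.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mailstore.example.org with ESMTP id A1; Sat, 20 Apr 2002 21:00:40 -0500
Received: from victim-pc (dialup-7.isp.example.net [203.0.113.7])
\tby mx.example.org with SMTP id B2; Sat, 20 Apr 2002 21:00:29 -0500
From: webmaster@example.org
To: webmaster@example.org
Subject: hello

body
"""

TRUSTED_RELAYS = {"192.0.2.10"}  # assumption: IPs of our own mail servers
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def first_untrusted_hop(raw, trusted=TRUSTED_RELAYS):
    """Return (ip, recorded_by) for the host that handed the mail to us."""
    msg = message_from_string(raw)
    # Each server prepends its Received header, so the newest is on top.
    # Hops between our own relays are skipped; the first outside IP was
    # recorded by our server and cannot be forged by the sender.
    # Anything below that header is sender-controlled and is ignored.
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())  # undo header folding
        m = IP_RE.search(flat)
        if m and m.group(1) not in trusted:
            by = re.search(r"\bby (\S+)", flat)
            return m.group(1), by.group(1) if by else None
    return None, None


def summarize(raw):
    """Pair the claimed sender with the connecting host our server logged."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    ip, recorded_by = first_untrusted_hop(raw)
    return {"claimed_from": claimed, "origin_ip": ip, "recorded_by": recorded_by}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
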

