Guest guest
Posted January 28, 2005

There is another one of those annoying viruses going around, and I have checked my computer, I do not have the virus, but I know from the sheer volume of undeliverable mail I have gotten in the past few days to addresses that don't exist, that I never sent mail to, my e-mail address is being spoofed .. here is some more info about this kind of thing:

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html?tag=adss

So if you get a message from me with a title like "Look, hot Japanese girls like Viagra" .. don't open it - I did NOT send it ... and it wouldn't hurt to get a good anti-program and be sure to update it.

*Smile*
Chris (list mom)
http://www.alittleolfactory.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html?tag=adss

Why I'm not sending you viruses
By Robert Vamosi: Senior Editor, Reviews

Since this latest swarm <http://reviews-zdnet.com.com/Software/4520-6600_16-5020382-1.html?tag=txt> of medium-threat viruses started, I've gotten a fair number of e-mail messages claiming I sent someone a virus. Well, I didn't. Not only do I have a corporate gateway to stop incoming viruses, my desktop also runs an enterprise version of an antivirus program. I've become a victim of what I call "viral-borne identity theft," a.k.a. spoofing.

Here's what e-mail spoofing is <http://www.cert.org/tech_tips/email_spoofing.html> and what you should be aware of. But I'll warn you up front: there's not a whole lot you can do to stop spoofing except minimize your exposure.

How viruses steal e-mail addresses

Once upon a time, you could trust the return address on a given e-mail message. In most cases, that's still true today, but with the advent of computer viruses and spam, the name after the is sometimes spoofed. The sender disguises him or herself to be someone else, someone you might know, in a vain attempt to get you to open the e-mail.

In my case, here's what happened: My e-mail address here at CNET Networks appears on just about every story I write. When you read my work, your Internet browser caches a copy of the page on your hard drive for fast retrieval should you want to read it again. If your computer should become infected with a virus, that virus might parse the cached HTML pages and pull out any e-mail addresses it finds. It also culls addresses from your Outlook contacts and various other documents stored on your hard drive. Newer viruses also have the ability to attach common names to stock domains, such as .aol, .msn, ., and those used by several antivirus vendors, thereby guessing e-mail addresses on the fly (but a lot of these created addresses fail, of course).

The virus then sends copies of itself. To do so, it uses its own SMTP engine to bypass your e-mail client and any built-in safeguards your e-mail client may have. Not only will the virus try to send me a copy of the virus, for example--and, later, plenty of spam, thank you very much--the virus might also attempt to use my e-mail address as the sender's return address to infect others.

How enterprise AV systems add to the Internet traffic

But wait, it gets worse. Even if friends and family understand that I likely did not send them a virus, some enterprise antivirus program with built-in return messages will state emphatically that I have a virus. Here's how that works: As the forged e-mail enters their enterprise system, that system bounces it back to the apparent sender with a message that authoritatively states, "You are infected with XXX virus." I have hundreds of these bounced e-mail messages claiming that I am infected with MyDoom.f, Netsky.d, or Bagle.c. I'm not.

In the middle of an e-mail virus outbreak, messages such as these--originally intended to provide a useful service--only add to the Internet traffic jam. Brian Martin, a.k.a. Jericho at Attrition.org, wrote a thorough <http://www.attrition.org/security/rant/av-spammers.html> critique of the current methods being used, complete with examples. His conclusion? System administrators need to turn off this "helpful" feature if they haven't already.

Unfortunately, the spoofing problem itself lies deep under the hood of the Internet, within SMTP, Simple Mail Transfer Protocol, the Internet protocol used for sending e-mail. SMTP was created many years ago and lacks a modern method for verifying the authenticity of the sender. With a little finesse, almost anyone can manipulate the header information on an e-mail message to disguise its true origin and make it appear as though someone else sent you a message.

Bill Gates has started talking up Microsoft's idea to <http://zdnet.com.com/2100-1105-5070623.html?tag=txt> charge "postage" for e-mail, a program that's specifically aimed at reducing spam but would work for e-mail borne viruses as well. I honestly don't think the postage for e-mail idea is going to fly. So the only lasting solution would be to revamp SMTP, but that's years away from fruition.

In the meantime, there's not much you can do to stop e-mail spoofing, except minimize your chances of contributing. If you have a Web site or regularly post to online forums, consider keeping your e-mail address off the site--this includes the code your_name buried within the HTML. And if you really need to post it, consider putting the e-mail address within a JPEG so that the virus can't parse out the information. But no matter how careful you are, you can't stop the latest virus from stealing your address out of a friend's in-box (although you can tell your friends that they really need to install some form of antivirus protection).

<http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html?tag=adss>
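Added example (not part of the post or the quoted article): a heuristic for sorting the kind of bounce described above, checking whether the original message embedded in a bounce was really handed over by your own mail relay. The domain, relay IP and sample bounce are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed values for illustration: our domain and the IPs of our outbound relays.
OUR_DOMAIN = "example.org"
OUR_RELAY_IPS = {"192.0.2.10"}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def embedded_original(bounce):
    """Return the original message (or its headers) carried by a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_content()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw_bounce):
    """Return 'genuine', 'backscatter' or 'unknown' for one bounce message."""
    orig = embedded_original(email.message_from_string(raw_bounce, policy=policy.default))
    if orig is None:
        return "unknown"  # the bounce carries no original headers to inspect
    sender = parseaddr(str(orig.get("From", "")))[1].lower()
    if not sender.endswith("@" + OUR_DOMAIN):
        return "unknown"  # not a message claiming to be from us
    # The topmost Received line was written by the bouncing site's own server,
    # so the bracketed IP in it is the host that really handed the message over.
    received = orig.get_all("Received", [])
    match = IP_RE.search(str(received[0])) if received else None
    if match is None:
        return "unknown"
    return "genuine" if match.group(1) in OUR_RELAY_IPS else "backscatter"

def sample_bounce(client_ip):
    """Constructed bounce whose embedded original was handed over by client_ip."""
    return (
        "From: MAILER-DAEMON@mx.corp.invalid\nTo: chris@example.org\n"
        "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: from pc ([{client_ip}]) by mx.corp.invalid; Fri, 28 Jan 2005 10:00:00 +0000\n"
        "From: chris@example.org\nSubject: hello\n\nbody\n--b1--\n"
    )

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.77"):
        print(ip, classify(sample_bounce(ip)))
```

A bounce can itself be forged or can truncate the original, so the result is a triage hint, not proof of where a message came from.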