     Tech Advisory – TA03

  A Clarification Of “Spoofing”

Dealing With The “Spoofed” E-mail

1.   Virus Spoofing

Many concerned Seniors in our Volunteer Organization have repeatedly asked, “How can I identify e-mail viruses and feel assured that my computer doesn’t become infected?”  Because of this concern, we will attempt to provide a simple “guide-of-sorts” that you can use to help weed out these harmful messages!

We all know to avoid “opening attachments” that are included in an e-mail from someone “unknown” or from an address that is not recognized!  This was long considered the “safe” position to take as you clear out your in-box, but you now have to look closely at all messages that include attachments!  The “virus writers” have learned that most people are more likely to open attachments in a message from a familiar address, and they take advantage of this weakness by “spoofing” their virus-loaded message!

2.  What does it mean to me?

Spoofing, or altering the address that a message appears to come from, is a relatively easy thing to do, and the virus creators are very good at it!  Evidence of this can be seen in the recent W32.Beagle viruses that appear to come from legitimate “billing” or “support” addresses.  Most good virus checkers are able to catch and “quarantine” these viruses.  The virus writers, in this case, take a domain name (e.g., aol.com, yahoo.com, dslextreme.net, earthlink.net) and add to it one of a few “official”-sounding names such as “management”, “administration”, “support”, or “billing” to create the address shown as the sender of their message.  The “spoofed” address becomes billing@aol.com, or support@earthlink.net, or management@yahoo.com, all of which we have seen!  Even though they appear to be legitimate addresses, the e-mails in which they appear are, in fact, not sent from the domains indicated by those addresses.  Instead, they are usually sent, unintentionally, from the infected computer of a friend, family member, or co-worker who has your e-mail address in their address book.

3.  Looking at your E-mail     

So, now that we know that looking at the address a message appears to come from is not an effective way to identify virus messages, we can move on to what does work!  The best method to determine the nature of an e-mail message is to look at the text of the letter itself.  Letters that contain viruses are written to entice you into opening the attached file and, while they are quite effective in doing so, there are limitations placed on the virus writers that, if you are aware of them, can be used against them!  For starters, virus letters are essentially form letters.  They are sent out to large numbers of people and, because of that, have to be general in nature and cannot contain any specific information about you!  For example, many simple viruses have a small amount of text, similar to “Here is the file that you requested”, and nothing more.  If you receive a message like this, you should immediately be on your guard!

4.  The second type  

Because messages like the one above are relatively easy to “sniff out”, recent virus writers have become smarter about the text that they include, but they are still limited in what they can do!  An example of this is a message in circulation that has a “spoofed” address, making the message appear to come from a legitimate source.  In the case of a Netscape.net subscriber, this message would appear to come from Netscape.net and would tell the recipient that Netscape.net has detected that their computer has become infected with a virus, instructing the recipient to open the attached file that will clean the virus out of their computer system.  It will then be signed at the bottom of the letter “The Netscape.net Support Team”.  Although this type of message appears to be a very helpful and official letter, the file attached to these letters, which is supposed to help the recipient, is in fact the virus, and the signature on the letter is spoofed just like the address that the letter appears to come from!

5.  Conclusion   

As you can see, recognizing a virus that is written like this is a bit more difficult, but it is not impossible!  The first thing to do when looking at an e-mail is to determine whether it is a form letter.  If the letter appears to come from a friend or other similar contact, does it refer to you by name?  Does it mention other specific information that only people who know you would be able to include?  If not, the letter is probably a form letter!

Lastly, once you have determined it to be a form letter, look to see whether it has an attachment and is trying to get you to open it, or is asking you to submit information of any kind!  Legitimate sources are not going to send you a form letter with attached files, or any message that prompts you to submit information on-line.  Messages that fit the patterns described above should be treated as though they were virus letters, and they should be disposed of appropriately ... DELETE THEM!
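The checklist above, written out as a small Python script (an added example, not part of the original advisory). The cue phrases, the sample addresses and messages, and the names `review_message` and `build` are assumptions made for the illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

OFFICIAL_NAMES = {"management", "administration", "support", "billing"}  # listed in the advisory
# Cue phrases are assumptions chosen for this example, not a complete list.
OPEN_CUES = ("open the attach", "attached file", "file that you requested")
INFO_CUES = ("verify your", "confirm your", "submit your")

def review_message(raw, known_names):
    """Apply the advisory's checklist; the From header is reported but never trusted."""
    msg = message_from_string(raw, policy=policy.default)
    local = parseaddr(str(msg.get("From", "")))[1].partition("@")[0].lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    attachments = [a.get_filename() for a in msg.iter_attachments()]
    # Form letter: nothing in the text that only someone who knows you would write.
    form_letter = not any(n.lower() in body for n in known_names)
    urges_open = bool(attachments) and any(c in body for c in OPEN_CUES)
    asks_info = any(c in body for c in INFO_CUES)
    return {
        "official_sounding_sender": local in OFFICIAL_NAMES,
        "form_letter": form_letter,
        "attachments": attachments,
        "delete": form_letter and (urges_open or asks_info),
    }

def build(sender, text, filename):
    """Construct a sample message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "margaret@example.com", "Hello"
    m.set_content(text)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed samples: a spoofed "support" form letter and a personal note.
SPOOFED = build("The Support Team <support@example.net>",
                "We detected a virus on your computer. Open the attached file "
                "to clean it.\nThe Support Team", "cleaner.zip")
PERSONAL = build("Bob <bob@example.org>",
                 "Hi Margaret, here are the photos from Sunday's picnic.", "picnic.jpg")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("personal", PERSONAL)):
        print(label, review_message(raw, ["Margaret"]))
```

Both samples carry an attachment; only the one with general text that urges you to open the file is marked for deletion, which is the distinction the advisory draws.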

 

Have Fun! … Keep your system clean!  Run Spybot!