Email spoofing - Who really sent that email?
July 02, 2002
Do you know what I did the other day? I went and emailed a virus to myself. Why did I do such a thing? Honestly, I couldn't tell you, because I don't remember doing it. Maybe it's amnesia. But I did indeed send that virus. It says so right there in the email, FROM: Mike Healan. So I must be the one that sent it, right? Don't be so sure.
It used to be that if someone emailed a virus to you, you emailed back and chewed them out for their foolishness. Today you can't do that. The Klez virus has been wreaking chaos around the world by spoofing the email addresses it sends itself from. Rather than mail itself out using the address of the person infected, it takes a random name from the infected person's address book and mails itself out as that person. That makes it impossible to figure out which infected person's machine sent that email to you.
This worm often uses a technique known as "spoofing." When it performs its email routine it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.
How can you avoid becoming infected with such a virus? It's simple. First, never ever ever open an attachment received via email if you didn't know it was coming. Put the email in question in a separate folder, then email the person back and ask them what it is. You are as likely to receive an email virus from someone you do know as you are from someone you don't know. The reason is that nearly all email viruses spread by mailing themselves out to everyone in your address book.
Second, get a good, updated anti-virus and scan every program you download before you run it. Personally, I use AVG anti-virus from Grisoft, and it has yet to let me down. It updates itself automatically, scans your system automatically, and for US and UK citizens, it's also free. Hard to beat that. Norton and McAfee also make good anti-virus software, though I do tend to hear a lot of complaints about them.
It's not always a virus that causes you to receive an email from someone who didn't actually send it, however. There are plenty of people with far too much time on their hands sending emails out to people and spoofing the return address. Why do they do this, you ask? There are many possible reasons. Some of them are simply trying to cause trouble. Some people would like to discredit the person being spoofed by sending some truly vile message to the recipient, an insult to the boss perhaps. It's the same mentality you see in people who knock on your front door and then run before you can answer it.
Sometimes email spoofing is used to do what hackers call "social engineering". You get an email from your web site's administrator, or from your ISP. The email asks you to go to a web page and enter your password, or to change your password to one of their choosing. You might receive an email that asks for detailed information on a secret company project which appears to come from your boss, but instead comes from your company's competitor. Many well-known companies are daily victims of email spoofing, either accidentally with a virus, or deliberately. Lavasoft, for example, is a common victim of email spoofing.
There is really no way to prevent receiving a spoofed email. If you get an odd-looking email from someone, there are ways of telling if it is fake. The simplest way would be to simply reply to it and ask for clarification. If that is not an option, you could look at the headers to see where the email originated from. You should also exercise some common sense. If the email is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, find out if it really is "from" the person it says it's "from".
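Looking at the headers, as suggested above, can be partly automated. The following is an added example, not code from the original article: it reads a constructed message, finds the earliest recorded hop in the Received headers, and compares it with the domain in the From line. The sample message, the function names and the Return-Path comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, host and address below is made up.
SAMPLE = """\
Return-Path: <carol@isp-b.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example with ESMTP; Tue, 2 Jul 2002 10:00:05 -0500
Received: from infected-pc (dialup-77.isp-b.example [198.51.100.77])
\tby mx.recipient.example with SMTP; Tue, 2 Jul 2002 10:00:01 -0500
From: "Alice" <alice@company-a.example>
To: bob@recipient.example
Subject: A very funny game

see attachment
"""

# "from <helo> (<reverse-dns> [<ip>])" as many mail servers write it.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]]+)?\s*\[([0-9A-Fa-f.:]+)\]\)")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def inspect_headers(raw):
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2) or "", "ip": m.group(3)})
    # Servers prepend Received lines, so the last one is the earliest hop.
    # Only lines written by servers you trust are reliable; a sender can
    # forge anything below them.
    origin = hops[-1] if hops else None
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    warnings = []
    if rp_dom and rp_dom != from_dom:
        warnings.append("Return-Path domain differs from From domain")
    if origin and from_dom and not in_domain(origin["rdns"], from_dom):
        warnings.append("originating host is outside the From domain")
    return {"from": from_dom, "return_path": rp_dom, "origin": origin, "warnings": warnings}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE))
```

A warning here is a reason to check with the apparent sender, not proof of forgery: mailing lists and outsourced mail services produce the same mismatches legitimately.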