E-mail Address Spoofing?

Thread: E-mail Address Spoofing?

  1. #1
    Member
    Join Date
    Mar 2002
    Posts
    31

    E-mail Address Spoofing?

    Hello, quick noob question. I was wondering if it were possible to spoof someone's e-mail account to send out fake e-mails. The reason why I ask is because I keep getting these virus e-mails from a person(s) using my domain name's e-mail addresses. I know it's not an actual e-mail address (since I'm the only person who can authorize a new e-mail account), but it's starting to make me worry. Especially if someone spoofs my e-mail address to get someone else's information (password, etc).


    Here's a copy and paste of the Entire Message Source..

    Return-path: <>
    Envelope-to: jessica@guild-wars.com
    Delivery-date: Tue, 06 Apr 2004 03:40:59 -0400
    Received: from mailnull by server1.hostingplex.com with local (Exim 4.24)
    id 1BAlCd-0004be-1E
    for jessica@guild-wars.com; Tue, 06 Apr 2004 03:40:59 -0400
    X-Failed-Recipients: webmaster@guild-wars.com
    Auto-Submitted: auto-generated
    From: Mail Delivery System <Mailer-Daemon@server1.hostingplex.com>
    To: jessica@guild-wars.com
    Subject: Mail delivery failed: returning message to sender
    Message-Id: <E1BAlCd-0004be-1E@server1.hostingplex.com>
    Date: Tue, 06 Apr 2004 03:40:59 -0400

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    webmaster@guild-wars.com
    This message has been rejected because it has
    a potentially executable attachment "pub_document.pif"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <jessica@guild-wars.com>
    Received: from [213.146.32.134] (helo=lib05.com)
    by server1.hostingplex.com with smtp (Exim 4.24)
    id 1BAlCc-0004bL-OZ
    for webmaster@guild-wars.com; Tue, 06 Apr 2004 03:40:58 -0400
    Date: Tue, 06 Apr 2004 16:44:13 +0100
    To: webmaster@guild-wars.com
    Subject: Re: Thanks
    From: jessica@guild-wars.com
    Message-ID: <muxhmjmbcklooggpntn@guild-wars.com>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="--------jlrspmphjmfuedckcial"

    ----------jlrspmphjmfuedckcial
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    <html><body>
    Read the attach.<br><br>

    <br>
    </body></html>

    ----------jlrspmphjmfuedckcial
    Content-Type: application/octet-stream; name="pub_document.pif"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="pub_document.pif"



    ----------jlrspmphjmfuedckcial--

    Anyways, I have no idea what to do.. If *anyone* can help me in any way I'd appreciate it so much.

    Edit: Please note that I did NOT send any e-mails (nor any of my friends with their e-mail accounts) like this before. I never sent any message with the subject "Re: Thanks "
    ~Apollovega~
    "I will control my Destiny Terenica...I'm not afraid."

  2. #2
    Member
    Join Date
    Mar 2004
    Posts
    41
    Appolo,

    One can spoof email addresses, if he knows the mail server of the domain, and has an idea as to how it is configured.
    There are methods of telnetting and sending spoofed emails...

    I think, in spoofed emails one cannot specify the "From : " NAME.
    So if the incoming message contains "From : " and "only the email address", but no name, then there are chances that it is a spoofed email.

    Hope that helps.
    Cheers.
    - SCORPION

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Actually, in this case it's likely a virus that is mimicking return emails (some of them create "fake" email failure messages). IIRC, this particular one -- based on attachment -- looks like a Beagle/Bagle variant. Viruses have gotten good at creating fake emails based on addresses found in address books of Outlook. One thing that helps is looking at the header info and seeing if your IP address is there.

    Just deleting it is the best answer.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    It's really, really, really easy to spoof an email. Everyone with half a braincell and a couple of instructions can do it. Why anyone would blindly "trust" an email is just beyond me. Without additional tools (pgp i.e.) you just cannot be 100% certain.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    Hellos,

    First off - yes, it is really easy to spoof email addresses. You can generally do it in about 5 minutes with no experience if you have a tutorial :-)

    But on a different note, I noticed in the source information you posted the below statement:

    "This message has been rejected because it has
    a potentially executable attachment "pub_document.pif"
    This form of attachment has been used by
    recent viruses or other malware."

    This seems to be a typical virus, as MsMittens already mentioned; the good thing is that it was caught by the mail server and you should be OK.

    At work here we get email all the time from clients' addresses that look similar. I have even had several sales people call the sender and say...."Hello, you sent me a virus..." well duh!

    Unfortunately this is just a waste of resources and time for the typical end user, and a good cash cow for the anti-virus companies....

    Hope this provides a little insight.

    Thanks!
    "Common Sense, isn't that common"
    "It is a lot easier to raise a child than it is to repair an adult"
    -Kruptos

  6. #6
    Member
    Join Date
    Mar 2002
    Posts
    31
    I see, Thanks everyone :-D.
    So basically someone (if they wanted) could spoof an e-mail from me with this attachment and have people (who think I actually sent it) open it up and get a virus? Assuming that they're not too bright with computers..
    ~Apollovega~
    "I will control my Destiny Terenica...I'm not afraid."

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    So basically someone (if they wanted) could spoof an e-mail from me with this attachment and have people (who think I actually sent it) open it up and get a virus? Assuming that they're not too bright with computers..
    Yup. Or in some cases "support@microsoft.com" ("here is the latest patch for your machine to protect you against Bagle. Double click to install"). It's a form of social engineering. But it's now an automated form as it's part of the virus' propagation technique.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Junior Member
    Join Date
    Apr 2003
    Posts
    20
    If I remember correctly you can spoof an e-mail using Eudora, or is it Pegasus Mail; both are free download e-mail clients etc. As far as the telnet scene goes, it's just a case of

    telnet
    open somejunkaddy.com 25

    read this if you really want to know

    http://user.7host.com/phuka/philes/2-hack.txt

    and take it from there. I won't go into details, but you can figure it out from that point just by typing help normally.

    I regularly send e-mails from santa@northpole.org ("No guessing where that came from") every Xmas to my boys and my friends' children. I can get away with it because I use my own Linux box to do it, but as you can see it is incredibly simple to do.
    -:s33ka:-
    Be pure, Be Clean,
    Behave....

  9. #9
    Member
    Join Date
    Mar 2002
    Posts
    31
    I see.. So e-mail spoofing is possible.. Is there any way to track who sends it?
    Thanks for your guys' help.
    ~Apollovega~
    "I will control my Destiny Terenica...I'm not afraid."

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by apollovega
    I see.. So e-mail spoofing is possible.. Is there any way to track who sends it?
    Yes, you can, well, almost.. If you trace the Received: headers you can find out the IP address that sent the email. By using the IP you can find out which ISP (whois info).
    Oliver's Law:
    Experience is something you don't get until just after you need it.
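
Added example, not written by anyone in this thread: a Python sketch of the header check that posts #3 and #10 describe, run over the headers of the returned message quoted in post #1. The function name `assess`, its `trusted_mta` and `own_ips` parameters, and the address 192.0.2.10 are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the returned message quoted in the first post (continuation
# lines re-indented so they parse as folded headers; body omitted).
SAMPLE = """\
Return-path: <jessica@guild-wars.com>
Received: from [213.146.32.134] (helo=lib05.com)
 by server1.hostingplex.com with smtp (Exim 4.24)
 id 1BAlCc-0004bL-OZ
 for webmaster@guild-wars.com; Tue, 06 Apr 2004 03:40:58 -0400
To: webmaster@guild-wars.com
Subject: Re: Thanks
From: jessica@guild-wars.com

"""

# Patterns fit the Exim-style line above; other MTAs word this differently.
IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
HELO = re.compile(r"helo=([^\s)]+)")
BY = re.compile(r"\bby (\S+)")

def _first(pattern, text):
    m = pattern.search(text)
    return m.group(1) if m else None

def assess(raw, trusted_mta, own_ips):
    """Summarise the hop recorded by trusted_mta, or None if it wrote none.

    trusted_mta and own_ips are inputs the reader supplies (assumptions):
    the server whose Received line you believe, and your own sending IPs.
    """
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        if _first(BY, flat) != trusted_mta:     # lines added by others can be forged
            continue
        ip, helo = _first(IP, flat), (_first(HELO, flat) or "").lower()
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        return {
            "connecting_ip": ip,
            "helo": helo,
            "from_domain": domain,
            "helo_matches_from": helo == domain or helo.endswith("." + domain),
            "sent_from_own_ip": ip in own_ips,
        }
    return None

if __name__ == "__main__":
    # 192.0.2.10 is a constructed placeholder for the domain owner's own IP.
    print(assess(SAMPLE, "server1.hostingplex.com", {"192.0.2.10"}))
```

A HELO name that differs from the From domain is only a hint, since legitimate mail relayed through a provider shows the same mismatch; the connecting IP recorded by your own server is the part worth taking to a whois lookup.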
