Email Worm Spoofing - Spoofing Explained
A lot of modern worms use email spoofing when they send
themselves from an infected computer. This spoofing tactic has
led to a great deal of finger pointing and confusion among
Internet users. Because of spoofing, it may appear that person
A sent person B a worm-infected email when this was not the case.
Thus, spoofing increases the negative impact of worm outbreaks
because it leads to unfair accusations, miss-directed warnings,
and the erroneous blacklisting of email addresses.
Simply put, spoofing as it relates to worm dissemination, works
- Someone who has your email address stored somewhere on her or
his computer, becomes infected by a worm that uses spoofing.
- The worm searches for email addresses on the infected computer
and sends itself to them.
- The worm inserts one of the email addresses it finds in the
"From:" field of the virus emails it sends. In other words, it
may use your address in the "From:" field, which tricks unwary
recipients into thinking that the virus came from your computer.
Thus, even though you may practice safe computing and have a worm
free machine, you may be unfairly accused of spreading the
infection. Meanwhile, the actual sender may remain unaware that
his or her machine is infected.
If you are unfairly accused:
- First, make sure your system really is free of infection by
running a full system scan with up-to-date anti-virus software.
- Next, reply to the accuser with an explanation of spoofing and
assure him or her that your system is not infected. Try to include
a link to a webpage that provides information about email worm
spoofing to back up your statement.
If you receive a worm-infected email, don't immediately fire off
an email that accuses the apparent sender of posting you the worm.
If possible, look up information about the worm on an Anti-Virus
website such as Symantec and try to determine if the worm is one
that uses spoofing. You may also be able to verify the actual
sender by checking the headers of the email carrying the worm.
View a detailed explanation
of interpreting email headers.
You can help to reduce the impact of worm outbreaks by being
aware of this spoofing issue and informing others where necessary.
Write-up by Brett M. Christensen