Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share


Email Worm Spoofing - Spoofing Explained

A lot of modern worms use email spoofing when they send themselves from an infected computer. This spoofing tactic has led to a great deal of finger pointing and confusion among Internet users. Because of spoofing, it may appear that person A sent person B a worm-infected email when this was not the case. Thus, spoofing increases the negative impact of worm outbreaks because it leads to unfair accusations, miss-directed warnings, and the erroneous blacklisting of email addresses.

Simply put, spoofing as it relates to worm dissemination, works like this:

  1. Someone who has your email address stored somewhere on her or his computer, becomes infected by a worm that uses spoofing.

  2. The worm searches for email addresses on the infected computer and sends itself to them.

  3. The worm inserts one of the email addresses it finds in the "From:" field of the virus emails it sends. In other words, it may use your address in the "From:" field, which tricks unwary recipients into thinking that the virus came from your computer.

Thus, even though you may practice safe computing and have a worm free machine, you may be unfairly accused of spreading the infection. Meanwhile, the actual sender may remain unaware that his or her machine is infected.

If you are unfairly accused:

  1. First, make sure your system really is free of infection by running a full system scan with up-to-date anti-virus software.

  2. Next, reply to the accuser with an explanation of spoofing and assure him or her that your system is not infected. Try to include a link to a webpage that provides information about email worm spoofing to back up your statement.

If you receive a worm-infected email, don't immediately fire off an email that accuses the apparent sender of posting you the worm. If possible, look up information about the worm on an Anti-Virus website such as Symantec and try to determine if the worm is one that uses spoofing. You may also be able to verify the actual sender by checking the headers of the email carrying the worm. View a detailed explanation of interpreting email headers.

You can help to reduce the impact of worm outbreaks by being aware of this spoofing issue and informing others where necessary.

Write-up by Brett M. Christensen