Some important email virus information

This is from a post in my other blog from last August, but I was just re-reading it and finding it amusing, so I thought I’d share.

A couple of friends of mine have been “accusing” me of emailing them viruses…so I figured this was as good a time as any to discuss exactly HOW these viruses work, and why you shouldn’t go all apeshit when you get a virus that APPEARS to come from a certain email address.

Basically, this is how these email worms propagate (all names are used for comedic value and to make things clear).

The cast of characters

Larry – Larry is running Windows XP Home Edition on his brand new Dell computer that he just bought. Larry has a cable modem so that he can buy used porn tapes on eBay. Larry reads his email with Outlook Express.

Matt – Matt also runs a Windows operating system, with updated antivirus software on it. He reads his email with Outlook XP.

Dallas – Dallas uses Linux on his computer. We don’t know what he uses to read his email, and frankly, we don’t care.

So let’s trace the email virus…Larry’s computer gets infected. The worm immediately goes through his address book, as well as his inbox and sent items folder, and sends copies of itself (as an attachment) to every single email address it can find. To make itself harder to track, it doesn’t put Larry’s email address in the “from” header…it picks one of the other addresses it harvested. For example, Dallas’s.

Matt receives an email that appears to be from Dallas. His antivirus software strips the infected attachment, but Matt can see that it was a virus. He immediately calls up Dallas and yells “Hey fucker, you sent me a virus”.

Dallas climbs up on the High Horse of Open Source and quietly and rationally explains that he could not have sent the virus, as he uses StrokeTorvalds-c to read his email, and since nobody but Dallas and Jake use that program, nobody’s bothered to write a virus for it.

Make sense? Never trust the “from” header in email…it’s trivially easy to spoof: it is just a line of text that the sending program (here, the worm) writes, and nothing along the way checks it. If you have the technology and wherewithal to do so, look at *all* the headers, especially the “Received” lines, which each mail server adds as the message passes through it. You won’t always be able to tell exactly WHO sent the email, since only the Received line added by your own mail server is guaranteed to be honest, but you can start to track it down.

Of course, if you a) don’t open attachments from email EVER or b) run updated AV software, this is less of an issue. But again, before going apeshit on someone, check the *real* headers.
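As an added illustration (not part of the original post), here is a short Python script that does the header check described above. It parses a constructed message of the kind the worm sends, walks the Received chain back to the claimed origin, and flags the places where the “from” line disagrees with what the relays actually recorded. Every host, address and IP in it is made up for the example, and the checks are heuristics, not proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for this example: the worm on Larry's machine
# sends Matt a copy of itself and forges Dallas as the sender. Every host,
# address and IP below is hypothetical (RFC 5737 documentation ranges).
SPOOFED_MESSAGE = """\
Return-Path: <dallas@example.org>
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mx.matt-isp.example (Postfix) with ESMTP id 4F2A1
\tfor <matt@matt-isp.example>; Tue, 24 Aug 2004 10:15:02 -0500
Received: from dell-xp (cable-203-0-113-45.isp.example [203.0.113.45])
\tby mail.example.com (Postfix) with SMTP id 1B3C7
\tfor <matt@matt-isp.example>; Tue, 24 Aug 2004 10:14:58 -0500
From: Dallas <dallas@example.org>
To: matt@matt-isp.example
Subject: Re: your document
Message-ID: <20040824101455.1234@dell-xp>
Content-Type: text/plain

see attached
"""

# "from <helo-name> (<reverse-dns> [<ip>])", the shape Postfix/Sendmail-style relays write.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.IGNORECASE)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(msg):
    """Return the relay path oldest-first as (helo_name, ip) tuples.

    Each relay prepends its own Received header, so the first header in the
    message is the most recent hop and the last one is the claimed origin.
    """
    hops = []
    for raw in msg.get_all("Received", []):
        unfolded = " ".join(raw.split())  # join folded continuation lines
        m = RECEIVED_FROM.match(unfolded)
        if not m:
            continue
        ip = BRACKETED_IP.search(m.group(2) or "")
        hops.append((m.group(1), ip.group(1) if ip else None))
    hops.reverse()
    return hops


def domain_of(addr):
    """Lower-cased part after the last '@' ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def analyze(raw_message):
    """Compare what the From line claims with what the relays recorded."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_domain = domain_of(from_addr)
    msgid_domain = domain_of(msg.get("Message-ID", "").strip().strip("<>"))
    hops = received_hops(msg)
    origin_host, origin_ip = hops[0] if hops else (None, None)

    findings = []
    if origin_host and from_domain and not origin_host.lower().endswith(from_domain):
        findings.append(f"origin host {origin_host!r} ({origin_ip}) is not in the From domain {from_domain!r}")
    if msgid_domain and msgid_domain != from_domain:
        findings.append(f"Message-ID domain {msgid_domain!r} does not match From domain {from_domain!r}")
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f"Return-Path {return_path!r} is in a different domain than From")

    return {
        "from_address": from_addr,
        "return_path": return_path,
        "hops": hops,
        "origin_host": origin_host,
        "origin_ip": origin_ip,
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze(SPOOFED_MESSAGE)
    print(f"From claims: {report['from_address']}")
    for helo, ip in report["hops"]:
        print(f"  hop: {helo} [{ip}]")
    for finding in report["findings"]:
        print("  !", finding)
```

Run it and the path comes out as dell-xp on a cable-modem address, relayed through mail.example.com, while the From line and the Return-Path both claim Dallas. Only the Received header added by your own mail server (the top one) is trustworthy; the worm, or whoever controls the machines below it, can forge the rest, so the origin IP tells you where to start asking, not who to blame. Modern mail systems record SPF, DKIM and DMARC results in an Authentication-Results header, which answers the same question far more reliably than eyeballing Received lines.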


~ by Matt Stratton on June 24, 2004.

2 Responses to “Some important email virus information”

  1. I hate how easy it is to spoof the from field… or the return-path… cause I keep getting spam from myself… and I can’t blacklist the bastard cause that bastard is me… and then I wouldn’t be able to get my own mail that I send myself from myself…

  2. Please note I *sell* used porn on eBay. Thank you.
