Oh joy, and now for the email spoofers

by Alphaville Herald on 28/04/04 at 10:06 pm

Everyone in the Alphaville community should be on alert that someone has been spoofing email accounts in an attempt to transmit viruses/worms. Spoofing is a fairly simple hacking technique, wherein one sends an email that appears to be coming from another source. In recent days, the email addresses of both Mr-President and Peter Ludlow (ludlow@umich.edu) have been spoofed and viruses have been sent in the messages. The viruses themselves were fairly lame (easily detected), and spoofing is a trivial thing to do, so one suspects we are looking at the efforts of 1@m3rZ, but please take proper caution with all email. All email should be run through virus protection software, no matter what the apparent source. Peter Ludlow says that you should contact him via YIM before you open any unsolicited email attachments from him, or else check the digital signature associated with that email address. An example follows.

17 Responses to “Oh joy, and now for the email spoofers”

  1. Ian

    Apr 28th, 2004

    I got a Paypal one tonight, all out of format. thanks for the heads up petey ;-)

  2. Punker

    Apr 28th, 2004

    Spoofing? All you need to do is make your reply address and send address whatever you want in Outlook or whatever mail program you use. Hacking? No hacking involved unless you check the actual header information in the e-mail to see if that information matches yours.

  3. Urizenus

    Apr 28th, 2004

    I meant hacking in the very loose sense that would also include social engineering and very simple forms of deception. But yeah, checking headers is a good idea, albeit not failsafe if a proper hacker is involved in the spoof. I asked the people who recieved the spoofed emails to send me the headers but they lost them or something.

  4. TBT

    Apr 29th, 2004

    Uri actually noone is “spoofing” email addreses, but the worms virsus theirselves are… It’s VEY common for this to happen.. Basically a users somewhere gets infected by a dreaded virus by opening an attachment.. What the virus does is infect their PC and it just grabs a random name/email address from their addresbook then sends itself to EVERYONE in their adress book with a simply subject line that makes it appear as if this friend sent you an email.. It fools users into thinking a friend sent it thus they try the attached file and bam! now they are affected and their pc sends to the entire klist and chooses arandom name to send from.. and on and on and on…

    Very, VERY common these days.. I must get a good 50 to 100 a day when the viruses are in their prime days and about 10 – 30 on off days LOL

  5. Punker

    Apr 29th, 2004

    Those type of viruses send to an address they pull (Melissa Virus for example) from the infected persons PC. They dont pick an address to send from from a list of contact. It sends from the infected PC. I was on a virus responce team for a fortune 100 company. From the sounds of it it is either they are infected (Uri and President, which I doubt) or it’s someone just sending stuff old school with just a different send from address.

  6. Urizenus

    Apr 29th, 2004

    I don’t think it was generated by a virus, because the recipients were not people in my email address book. I hadn’t communicated with them via umich at all. Plus I get daily anti-virus updates from the University, so…

  7. Mr-President

    Apr 29th, 2004

    Yeah, it wasn’t a virus on my end either. It was in fact someone making it look like the e.mail was coming from my address.

    Recommended:

    Ad-aware:
    http://www.lavasoftusa.com

    SpyBot S&D:
    http://www.safer-networking.org

    ZoneAlarm Firewall:
    http://www.zonelabs.com

    (Taken from the Hacking Protection/Awareness page at avgov.com)

    I’m also a long time user of PGP. It’s FREE and very, very good.

    I’ve never really had to sign my TSO e.mails until recently. What is this Sim world coming to?

  8. Viva T

    Apr 29th, 2004

    I got a mail from ludlow@umich.edu, but i didnt read it, i knew it was a virus.

  9. TBT

    Apr 29th, 2004

    Yes thats exactly what i’m saying the emails are coming from users with infected pcs.. I’m amazed at ho many people have my address in their contact lists because I get emails from “my address” to mnyself with viruses attached.. And my pcs are scanned at the very leat weekly and i know i’m not infected… I ‘USED’ to think the same thing that someone was targetting me and trying to send me viruses, but after you start receiving literally dozens per day and often alot more you realize its not from one person..

  10. TBT

    Apr 29th, 2004

    As an example I have uri’s email in my addy book and i get infected.. My pc sends emails to everyone on my list but uses Uri as the “supposed” sender… So peeps get emails thinking its from uri, but twas really mine thus they thinik “oh i know uri it must be ok” they try the file, get infected, then their pc sends emails to everyone on their listt and picks a random name/email as the sender and so on…

  11. Urizenus

    Apr 29th, 2004

    Could be. I see that a lot in fact. This case seemed highly targeted, however. Which is to say when the spoofed addy is generated from someone’s mailbox, I usually receive email that is kicked back from servers with screening procedures. In this case I just heard from a very narrow collection of TSO players — players that all happened to be in the radar of a certain nasty piece of work. Either way I guess the moral is the same. Scan the incoming and veryify the source.

  12. Mrs President Bradley

    Apr 29th, 2004

    Who is my wannabe? You all want to be me, right? I am your ruler, you shall all bow down to me. No Im not stopping scamming, Scamming and hacking is my life. :) I need to send out a little warning….Seth Galloway watch out. :)

    Your Ruler
    Mrs. President Bradley

  13. Viva T

    Apr 29th, 2004

    Mrs Bradley, Haha you can’t hack my account, I am too smart for you, little girl/boy =)
    Most hackers are so ugly! They look like computer nerds, they wear big glasses and have pimples. They have no life, like you Mrs

  14. Mrs.PresidentBradley

    Apr 29th, 2004

    HAHAHA what a dumb girl you are. Too bad your a nasty trans and the world will never except you. I dont even think it has to do with you being a trans. Isn’t that ironic? Seth you are not a target (your pathetic attempt to befriend us was funny though). Of all people Viva should know what ugly is. Oh and didn’t you hack someone? Your just a hypocritical bitch with no life. At least I live my OWN life. Your little copies of us were very poor. Just do us all a favor and shut the hell up. By the way your sterotypical ways are very funny. NOw your the one makin US laugh keep it comming.

  15. Mrs President Bradley

    Apr 29th, 2004

    Oh and the waiting an hour was a nice touch;)

  16. van

    Apr 29th, 2004

    mrs president, you get an F for originality.
    whos the teacher now?

  17. Urizenus

    Apr 29th, 2004

    Not to interrupt this rich flow of ideas between isa and Mrs. Bradley, but back to the question of whether this was an intentional spoof of my account, the following, which Seth received, should be illuminating. This is the message he received in the spoofed email, which encouraged him to open the virus-containing attachment.

Leave a Reply