Email Spoofing - Methods

Because many spammers now use special software to create random sender addresses, even if the user finds the origin of the email it is unlikely that the email address will be active.

The technique is now used ubiquitously by bulk email software as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for email addresses within the address book of a mail client, and use those addresses in the From field of emails that they send, so that these emails appear to have been sent by the third party. For example:

  • Alice is sent an infected email and then the email is opened, triggering propagation.
  • The worm finds the addresses of Bob and Charlie within Alice's address book.
  • From Alice's computer, the worm sends an infected email to Bob, but the email appears to have been sent by Charlie.

This can be particularly problematic in a corporate setting, where email is sent to organisations with content filtering gateways in place. These gateways are often configured with default rules that send reply notices for messages that get blocked, so the example is often followed by:

  • Bob doesn't receive the message, but instead gets a message telling him that a virus sent to him has been blocked.
  • Charlie receives a message telling him that a virus sent by him has been blocked.

This creates confusion for both Bob and Charlie, while Alice remains unaware of the actual infection.

Newer variants of these worms have built on this technique by randomising all or part of the email address. A worm can employ various methods to achieve this, including:

  • Random letter generation
  • Built-in wordlists
  • Amalgamating addresses found in address books, for example:
    • User1 triggers an email address spoofing worm, and the worm finds the addresses user2@efgh.com, user3@ijkl.com and user4@mnop.com within the user's email address book
    • The worm sends an infected message to user2@efgh.com, but the email appears to have been sent from user3@mnop.com
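From the receiving side, an amalgamated address has a recognisable shape: its local part and its domain each belong to a known correspondent, but never together. The following Python check is an added example, not part of the original page; the function names and the contact set (taken from the example above) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: the address-book entries from the example above.
KNOWN_CONTACTS = {"user2@efgh.com", "user3@ijkl.com", "user4@mnop.com"}

# Constructed sample message with an amalgamated From address.
SAMPLE_MESSAGE = (
    "From: User Three <user3@mnop.com>\n"
    "To: user2@efgh.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def split_address(addr):
    """Return (local_part, domain) in lower case, or None if malformed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    return local, domain

def classify_sender(from_header, contacts=KNOWN_CONTACTS):
    """Classify a From header as known, amalgamated, unknown or malformed.

    "known" only means the address was seen before. It does not prove the
    message is authentic, since a worm can reuse a real contact's address.
    """
    _, addr = parseaddr(from_header)
    parts = split_address(addr)
    if parts is None:
        return "malformed"
    local, domain = parts
    known = {p for p in map(split_address, contacts) if p}
    if (local, domain) in known:
        return "known"
    # Both halves are familiar, but this pairing has never been seen.
    local_seen = any(l == local for l, _ in known)
    domain_seen = any(d == domain for _, d in known)
    if local_seen and domain_seen:
        return "amalgamated"
    return "unknown"

def classify_message(raw_message, contacts=KNOWN_CONTACTS):
    """Parse a raw RFC 5322 message and classify its From header."""
    msg = message_from_string(raw_message)
    return classify_sender(msg.get("From", ""), contacts)
```
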
