
Forged Email

Do you suspect someone has forged emails from your account?

There has been quite a bit of confusion lately regarding email. Many individuals at the University have been receiving messages stating that they sent an email containing a virus when, to their knowledge, they did not. What really happened is that a virus used these individuals' email addresses to send spam without the users' knowledge. To help alleviate some fears, a short explanation of how these viruses use email is below.

 

How a spamming virus works

When an email arrives today, the recipient typically sees something like this:

_______________________________________________________

Date: Fri, 30 Jan 2004 07:28:45 +0000
From: Company X <sender@example.com>
To: joe.user@rochester.edu
Subject: You may have already won!!!

________________________________________________________

The physical equivalent would be something like this:

[Image: envelope]

One important point to make about both of the above examples is that sender@example.com may or may not have sent the message. Anyone can put mail in a mailbox with a false return address on it. In the same way, anyone can claim to be someone else when sending an email.

Many recent viruses take advantage of this and pretend to be from someone else, mostly to help hide their tracks and to try to give legitimacy to the message. After infecting a system, they collect all the email addresses that they can find on that computer and take two of them at random. The first one becomes the "From" address and the second one becomes the "To" address. In almost all cases, neither of these people nor their computers were involved. However, many anti-virus servers are configured to send a warning back to the sender - in this case, the forged "From" address. The only relation that the alleged sender may have to the recipient is that a third person, who has both the sender's and the recipient's email addresses, has been infected.

To prevent this from happening again in the future, be sure to update your anti-virus protection.
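Because the "From" line is only a claim, the part of a message worth reading is the Received line that your own mail server wrote when it accepted the message. The Python below is an added example, not part of the original page: it finds that line and reports which host actually handed the message over, next to the domain claimed in "From". The server name mx.university.example, the sample message and the function name handoff_to are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims sender@example.com, but the Received line
# written by our own server (hypothetical name mx.university.example) shows
# that an unrelated host handed the message over.
SAMPLE = """\
Received: from dsl-7.isp.example (dsl-7.isp.example [203.0.113.7])
 by mx.university.example with SMTP id abc123
 for <joe.user@rochester.edu>; Fri, 30 Jan 2004 07:28:47 +0000
Date: Fri, 30 Jan 2004 07:28:45 +0000
From: Company X <sender@example.com>
To: joe.user@rochester.edu
Subject: You may have already won!!!

(body omitted)
"""

# Matches the common "from HELO (rdns [ip]) by HOST" layout of a Received line.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def handoff_to(raw, trusted_mx):
    """Describe the hop where the message entered our own server.

    Only the Received line written by trusted_mx is used. Received lines
    below it were supplied by the sending side and can be forged, just
    like the From header.
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for hdr in msg.get_all("Received", []):  # newest hop is listed first
        m = RECEIVED_RE.search(hdr)
        if m and m.group("by").lower() == trusted_mx.lower():
            rdns = (m.group("rdns") or "").lower()
            return {
                "from_domain": from_domain,
                "connecting_host": rdns,
                "connecting_ip": m.group("ip"),
                # True only when the connecting host sits under the From domain
                "host_under_from_domain":
                    rdns == from_domain or rdns.endswith("." + from_domain),
            }
    return None  # our server wrote no Received line: nothing trustworthy to read

if __name__ == "__main__":
    print(handoff_to(SAMPLE, "mx.university.example"))
```

A mismatch is a signal rather than proof, since legitimate mail is often relayed by hosts outside the "From" domain.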
