
A Publication Featuring The Information Services Technology of Maine State Government
Volume VII, Issue 3 | March 2004
By Bob Witham
Beginning in January of this year, the W32/Mydoom@MM virus began circulating on the Internet via e-mail. One of the particularly confusing aspects of this virus is that it "spoofs" the sender’s address. By "spoofing" we mean using someone else’s address instead of your own.
The Mydoom virus does this by searching the MS Outlook address book on the infected machine, and selecting an e-mail address at random. It then plugs that address into the FROM field of the e-mail message, and selects another random address to send the e-mail TO. The virus is clever enough to avoid using the infected machine’s MS Outlook e-mail address. This should explain why so many of you may have received e-mails from one source or another saying you had sent them an e-mail infected with the Mydoom virus. Generally these e-mails have left people scratching their heads, because they just don’t remember sending anything to this person, nor do they even know the person named in the message. It is just the virus selecting random names from someone’s address book. Moreover, there is no way of telling who is really infected.
Did You Know? Spoof is a pub game invented in the 19th century by British comic (Sir) Arthur Roberts. You can find out all about playing Spoof at www.spoofers.org.
Spoofing can also be accomplished by manually modifying the FROM address field. You need to play a little bit outside of the rules to accomplish this, but it can be done. I’m even willing to bet that many of you have accidentally spoofed an e-mail address without realizing it. For example, when you set up a new computer to use MS Outlook Express e-mail, one of the required tasks is to enter your e-mail address in the setup. If your e-mail address is Jdoe@yahoo.com, and you incorrectly enter Jdoe@yahoo.org, then you have spoofed your own e-mail address. You can send e-mails, but people can’t reply because this is not your actual address. Worse yet, if you entered your address as Djoe@yahoo.com, the replies might actually go to a real address. Not likely, I know, but it could happen. Those with impure motives purposefully enter a different e-mail address!
If you send unsolicited e-mail (SPAM), just imagine how handy it is to use a FROM address that either doesn’t exist, or is not yours. You can send out gobs of e-mail from gwbush@whitehouse.gov. If anyone replies to it, you don’t worry, because it certainly isn’t arriving in your in-box!
Virus writers make use of this situation for a couple of reasons. First, it makes it more difficult to track down where viruses are actually coming from. Second, by using faked e-mail addresses, more e-mails are sent. This suits the virus writer’s intention because s/he wishes to generate extra e-mail to "clog" the Internet. It is all about being as destructive as possible. The more people who notice a slowdown, the bigger the psychological reward to the virus writer. Most of us can’t imagine why anyone would want to waste their time and talent in such pointless endeavors. It is rather like trying to empty the ocean with a teaspoon; but all of us have seen toddlers at the seashore try to do just that. We can only hope that these virus writer toddlers soon will grow up and cease their "weasel-like ways"!
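An added example, not part of the original article: because the FROM field is just text supplied by whoever composes the message, a recipient of a "you sent me a virus" complaint can compare it with the other headers. This Python snippet does that for a constructed sample message; the addresses, host names and the function names `domain_of` and `review_sender` are all made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every address and host here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org; Mon, 1 Mar 2004 09:00:00 -0500
Received: from desktop-17 (unknown [198.51.100.23])
\tby relay.example.net; Mon, 1 Mar 2004 08:59:58 -0500
From: "J. Doe" <jdoe@example.com>
To: someone@example.org
Subject: hello

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_sender(raw):
    """Summarise what the headers say about where a message came from."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])         # typed in by the sender
    env_dom = domain_of(msg["Return-Path"])   # envelope sender, recorded on delivery
    # Each relay prepends its own Received line, so the last one is the
    # earliest hop. Only lines added by relays you trust are reliable;
    # anything below them is also sender-supplied text.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        # A mismatch is only a hint: mailing lists differ legitimately,
        # and a match proves nothing because both values can be forged.
        "mismatch": bool(from_dom and env_dom and from_dom != env_dom),
        "first_hop": hops[-1] if hops else None,
    }

if __name__ == "__main__":
    for key, value in review_sender(SAMPLE).items():
        print(f"{key}: {value}")
```

The result shows which relay first handled the message, not whose machine is infected.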