Hi-Jacked email address - how?


BillD

We have all gotten the forwarded emails with dozens of other people's email addresses showing because the sender did not have the courtesy to send them as blind messages. I always thought the only real hazard there was the fact that the wrong people might get these things and harvest the email addresses for sale or use.

But all of a sudden, my wife has started receiving spam emails that seem to come from a cousin of hers; the sender appears to be the same address as her cousin's, but they are not coming from her. Expanding the headers does not provide any info except the dns number they came from, and since her cousin has a dynamic dns (like nearly all of us) that provides no info (to me at least).

What I cannot understand is how this can be accomplished? How can you send an email with someone else's "from" address; i.e., same name @ same ISP?

Thank you,
Bill


Very nice explanation, although I still don't know how the sender's address can be faked into something else, however, I have never understood what there is about the EICAR virus test file that triggers AV software either.

ill-intentioned users can make the e-mail appear to be from someone other than the actual sender.
Yes, but how?

There is just so much I don't understand . . . :hysterical: I wish I knew a geek to explain it all to me in person!

Bill

V.T. Eric Layton

Going beyond what that article explains to the point of actually discussing spoofing/email hacking methods would be a violation of Scot's TOS. And besides, I don't specifically (nuts and bolts) know how it's done either.


Yes, but how?
If we knew how to write the software, we could send data out on the internet to look like anything we want. It is part of what makes the Internet useful today: it is not locked down to a certain set of protocols that strictly define what we can do. Anyone can do anything they want, pretty much.

So if a new thingamajig comes out using a new protocol, the internet can "handle" it.

E-mail and the browsable web are defined by certain standards, called RFCs. These define the normal behavior exhibited by e-mail programs and browsers. Other protocols, such as ident services and FTP, are also defined by RFCs. Most programmers try to program within the scope of the RFCs in order to ensure compatibility with other services out there. It is what makes it possible to use any number of hundreds of e-mail programs to download your e-mails. (Imagine a world where these standards did not exist!)

In any case, if you are a programmer and know how to address the TCP/IP stack in your operating system, it is a simple matter to create a program that scans the host computer for e-mail addresses (think e-mail files and address books), and start sending out e-mails using those addresses. It would not be going through an e-mail program, it would simply **** those e-mails out via its own built in "mail server."

I am not a programmer, so I do not know the specific methods. However, these scammer/spammer guys are getting really good at this. An infected machine might be generating the e-mails, or acting as a relay, or some other sophisticated function. The point is, they are not adhering to the normal standards on the internet. They are doing whatever they can to get as many scam/spam e-mails out there. After all, people click links.

Hope this gives you a better idea what's going on.

Adam

V.T. Eric Layton

We're talking about different methods here...

You can spoof an email address, but not actually be using that account to send the email. It just looks like it's coming from that email account, hence the word "spoof".

You can gain access to the account by skimming for passwords or having a key-logger trojan on a system reporting keystrokes. In that case, you actually take over the victim's account to send your fraudulent emails.

Or, as Adam talks about, an infected system (a zombie) can be used to send out emails from the victim's own email client/accounts without them even knowing that it's happening.

Those are just three methods that I know of that SPAMMERS and other miscreants use to manipulate email.


Or, as Adam talks about, an infected system (a zombie) can be used to send out emails from the victim's own email client/accounts without them even knowing that it's happening.
That's not what I am talking about. Consider the following situation.....

Let's say I am running an unpatched, non-updated computer with Windows XP on it. I am hooked directly to the cable modem, with no router.

I am running Outlook Express or whatever they call it now. I have Eric's e-mail address in my address book. Think of how many computers I am describing (shudder).

I could get a virus on my machine. That virus has a Mail Transfer Agent built in (they can get pretty sophisticated). That virus skims my computer for addresses. Bingo! It found Eric's! Now the virus starts sending spam and viruses via e-mail using the Simple Mail Transfer Protocol, with Eric's name as the sender.

In this scenario, we've not used Eric's e-mail program, my e-mail program or either of our e-mail providers to accomplish the task; the virus simply does the work itself. After all, it is easier that way. All the virus has to do is get on the system with an active connection, skim for email addresses, and get to work. Some viruses also contain Internet Relay Chat software where they go to a designated chat room and await instructions.

What I am describing happens all the time, and the virus writers are getting more and more sophisticated in their techniques to hide this activity from the owner of the computer. Lots of interesting stuff is happening in the virus world.

Adam
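
Added example, not part of any post in this thread: the spoofing discussed above changes only the visible From: line, so the recipient's side can expose it by comparing that line with the envelope sender and with the SPF/DKIM/DMARC verdict recorded by the receiving mail server. The sample headers, the example domains and the `trusted_mx` parameter are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (example domains); not taken from the thread.
SPOOFED = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=bulk.example.net;
 dkim=none; dmarc=fail header.from=isp.example
From: "Cousin" <cousin@isp.example>
Subject: hi

body
"""
GENUINE = """\
Return-Path: <cousin@isp.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=isp.example;
 dkim=pass header.d=isp.example; dmarc=pass header.from=isp.example
From: "Cousin" <cousin@isp.example>
Subject: hi

body
"""

def domain(addr):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_mx="mx.recipient.example"):
    """List indicators that the visible From: address is not authenticated."""
    msg = message_from_string(raw)
    findings = []
    env_dom = domain(msg["Return-Path"])
    if env_dom and env_dom != domain(msg["From"]):
        findings.append("envelope-mismatch")  # also seen on mailing lists
    # Count only results stamped by our own receiving server; a sender can
    # insert a forged Authentication-Results header of its own.
    trusted = [h.lower() for h in msg.get_all("Authentication-Results", [])
               if h.strip().lower().startswith(trusted_mx + ";")]
    if not trusted:
        return findings + ["no-trusted-auth-results"]
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", trusted[0]))
    if results.get("dmarc") != "pass":
        for mech in ("spf", "dkim", "dmarc"):
            if results.get(mech) != "pass":
                findings.append(f"{mech}-{results.get(mech, 'missing')}")
    return findings
```

An empty list means the receiving server's DMARC check tied the From: domain to an authenticated sending path; it does not rule out the account-takeover case mentioned earlier in the thread, where the mail really does leave through the victim's provider.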

V.T. Eric Layton

Ah! Well, in your scenario, Adam, my email address was basically harvested off the infected system. The recipient of the harvesting did so either to use my email addy as a receiver of SPAM or a sender (as a spoofed address). I've actually had that happen to me. It was years ago, but I still remember how shocked I was to be getting all these nasty emails from folks telling me to stop sending them SPAM. I sent replies pleading ignorance to the first few, but then realized they were as ignorant about how that stuff happens as I was at that time. It finally faded away, thankfully. It was on my Yahoo mail account, which I used for a lot of things back then.


I've actually had that happen to me. It was years ago, but I still remember how shocked I was to be getting all these nasty emails from folks telling me to stop sending them SPAM. I sent replies pleading ignorance to the first few, but then realized they were as ignorant about how that stuff happens as I was at that time.
Yes, that happened to my son, it about drove him nuts writing people to explain that it wasn't really him doing it, and this was really bad because it was his ISP main account; not a Yahoo throw away one!

Bill

V.T. Eric Layton

Well, I don't consider my Yahoo account a throw-away (I've had it since 2000), but it sure would have been worse on my ISP account. I only use my ISP account for business online. All else is gmail, hotmail, yahoo, etc.


Well, I don't consider my Yahoo account a throw-away (I've had it since 2000)
Yes, oddly, I have had mine since 2000 also and it became a throw-away as it became increasingly contaminated with spam (now I just use it for one time things where I am not sure about the future behavior of mail recipients from it) and I have been as careful as possible not to let that happen to my ISP account :wacko:

Bill

V.T. Eric Layton

Hmm... I've had a different experience with Yahoo Mail, I guess. Yes, there was a time when a lot of SPAM was showing up in my Inbox, but those days are long gone (5+ or more years ago). Yahoo's SPAM filters are some of the best I've ever seen used on webmail. They're much better than Hotmail's, for instance. Almost zero SPAM shows up in my Inbox at Yahoo these days. :wacko:
