Thread: Malware from my email
View Single Post
  #9  
Old 02-04-2013, 08:15 PM
White Borders's Avatar
White Borders White Borders is offline
Craig Wright
Member
 
Join Date: Apr 2009
Location: South-Central Kansas
Posts: 724
Default Email Spoofing
Quote:
Originally Posted by Ronnie73 View Post
Leon, I'm not sure if you use Facebook but there are viruses that float around the Facebook servers and tends to send out emails saved on your computer. They usually use your first or first and last name in the from part of the email but if you hover over the name, usually a odd looking email shows. Either way, everyone should always hover over the "From" name to see the domain its coming from especially if theres an odd link in the email. Changing your pasword with this type of problem does not help since its not really sending it from your email. It's only using your contacts while your email is open.
Hovering over the "from" email address reveals that it is actually Leon's email address. There were eight "to" email addresses, some I recognized but some I don't. One thing to know about email spoofing is that a worm could have accessed any of our email address books, or someone not even on the distribution but had all of our email addresses in their address book. The worm then sends an email using one of the email addresses in the book as the "from", in this case Leon's email address. It then uses other email addresses from the book to send "to".

The underlying problem with email is that it is still based on old protocols. SMTP (Simple Mail Transfer Protocol) is used to send mail from Port 25 if I remember correctly). It really doesn't offer much in the way of authentication. To receive email from a mail server, POP (Post Office Protocol) is still in use (along with a few newer protocols). I think it is now up to POP3 which has better encryption and uses a username/password to access email accounts.

If it is an email that contains viruses or illegal material, you might be able to get the network provider to backtrack the IP address to the actual sender.

If it is just leads to a phishing site or spam site (which is where this email lead), then just delete it and change your password (you don't need to your username or email service or internet provider!) and you can notify others on the "from" and "to" to change their email passwords, too.

Best Regards,
Craig
__________________
craig_w67217@yahoo.com
Reply With Quote