On The Insider: Brooke Hogan to Pose for Playboy?

Search:
Go!


Today on CNET
Reviews
News
Downloads
Tips & Tricks
CNET TV
Compare Prices
Blogs
Cell phones| Desktops| Digital cameras| Laptops| MP3 players| TVs| All Categories


Click Here
Security Watch : Don't get burned by viruses and hackers.
Why I'm not sending you viruses
E-mail to a friend
Send us feedback
By Robert Vamosi 
Senior associate editor, CNET Reviews
April 5, 2004

Since this latest swarm of medium-threat viruses started, I've gotten a fair number of e-mail messages claiming I sent someone a virus. Well, I didn't. Not only do I have a corporate gateway to stop incoming viruses, my desktop also runs an enterprise version of an antivirus program.

I've become a victim of what I call "viral-borne identity theft," a.k.a. spoofing. Here's what e-mail spoofing is and what you should be aware of. But I'll warn you up front: there's not a whole lot you can do to stop spoofing except minimize your exposure.

How viruses steal e-mail addresses
Once upon a time, you could trust the return address on a given e-mail message. In most cases, that's still true today, but with the advent of computer viruses and spam, the name after the "From:" is sometimes spoofed. The sender disguises him or herself to be someone else, someone you might know, in an attempt to get you to open the e-mail. 

There's not a whole lot you can do to stop spoofing except minimize your exposure.
In my case, here's what happened: My e-mail address here at CNET Networks appears on just about every story I write. When you read my work, your Internet browser caches a copy of the page on your hard drive for fast retrieval should you want to read it again. If your computer should become infected with a virus, that virus might parse the cached HTML pages and pull out any e-mail addresses it finds. It also culls addresses from your Outlook contacts and various other documents stored on your hard drive. Newer viruses also have the ability to attach common names to stock domains, such as .aol, .msn, .yahoo, and those used by several antivirus vendors, thereby guessing e-mail addresses on the fly (but a lot of these created addresses fail, of course).

The virus then sends copies of itself. To do so, it uses its own SMTP engine to bypass your e-mail client and any built-in safeguards your e-mail client may have. Not only will the virus try to send me a copy of the virus, for example--and, later, plenty of spam, thank you very much--the virus might also attempt to use my e-mail address as the sender's return address to infect others.

How enterprise antivirus systems add to Internet traffic
But wait, it gets worse. Even if friends and family understand that I likely did not send them a virus, some enterprise antivirus program with built-in return messages will state emphatically that I have a virus. Here's how that works: As the forged e-mail enters their enterprise system, that system bounces it back to the apparent sender with a message that authoritatively states, "You are infected with XXX virus." I have hundreds of these bounced e-mail messages claiming that my PC is infected with MyDoom.f, Netsky.d, or Bagle.c. It's not.

In the middle of an e-mail virus outbreak, messages such as these--originally intended to provide a useful service--only add to the Internet traffic jam. Brian Martin, a.k.a. Jericho at Attrition.org, wrote a thorough critique of the current methods being used, complete with examples. His conclusion? System administrators need to turn off this "helpful" feature if they haven't already.

With a little finesse, almost anyone can manipulate the header information on e-mail to disguise its true origin.
Unfortunately, the spoofing problem itself lies deep under the hood of the Internet, within SMTP, or Simple Mail Transfer Protocol, the Internet protocol used for sending e-mail. SMTP was created many years ago and lacks a modern method for verifying the authenticity of the sender. With a little finesse, almost anyone can manipulate the header information on an e-mail message to disguise its true origin and make it appear as though someone else sent you a message.

Bill Gates has started talking up Microsoft's idea to charge "postage" for e-mail, a program that's specifically aimed at reducing spam but would work for e-mail-borne viruses as well. I honestly don't think putting postage on e-mail would fly. So the only lasting solution would be to revamp SMTP, but that's years away from fruition.

In the meantime, there's not much you can do to stop e-mail spoofing, except minimize your chances of contributing. If you have a Web site or regularly post to online forums, consider keeping your e-mail address off the site--this includes the code mailto:your_name@domain.com buried within the HTML. And if you really need to post it, consider putting the e-mail address within a JPEG so that the virus can't parse out the information. But no matter how careful you are, you can't stop the latest virus from stealing your address out of a friend's in-box (although you can tell your friends that they really need to install some form of antivirus protection).




Security Center
Top antivirus apps
From CNET Reviews
Top antispyware apps
From CNET Reviews
Virus and security alert forums
From CNET Message Boards




3/29/04
How we could have benefited from Richard Clarke's passion
The former cybersecurity adviser to President Bush contributed many good ideas to the National Strategy for Securing Cyberspace proposal. Unfortunately, no one in Washington or within the security industry wanted to listen.

3/22/04
How you can foil virus writers
Virus writers seem to be trying every trick they can these days to infect our computers, but we can fight back. Find out how.

3/15/04
Don't be duped by hackers without computers
Your company has a firewall, but criminal hackers often access internal networks without a computer. Learn the subtleties of social engineering attacks and how to protect yourself.

More commentary


More commentary
Buzz Report
Molly Wood
Taking a bite out of hype.
Security Watch
Robert Vamosi
Don't get burned by viruses and hackers.
Fully Equipped
David Carnoy
The electronics you lust for.
On Call
Kent German
Solutions for your wireless woes.
Driving It
Wayne Cunningham
What's hot and what's not in car tech.

Help Center|Newsletters|Corrections|What's New|All Product Reviews|
Search:
Go!

Popular topics: Apple | Antivirus | Cell Phones | Dell | Digital Camera | Firefox 3 | Games | iPhone | iPod | iTunes | Laptops | Norton | PS3 | Verizon | Wii | Xbox 360
CNET.com
About CNET|Today on CNET|Reviews|News|Compare prices|Tips & Tricks|Downloads|CNET TV
Popular on CBS sites: World News | Fantasy Football | Amy Winehouse | Baseball | E3 | Batman | Firefox 3 | iPhone 3G
About CNET Networks | Jobs | Advertise


© 2008 CNET Networks, Inc., a CBS Company. All rights reserved. | Privacy Policy | Terms of Use