Virus: Email Spoofing

Email Spoofing

E-mail spoofing is the forgery of an e-mail header so that the message 

appears to have originated from someone or somewhere other than the 

actual source. Distributors of spam often use spoofing in an attempt to 

get recipients to open, and possibly even respond to, their solicitations. 

Spoofing can be used legitimately. Classic examples of senders who 

might prefer to disguise the source of the e-mail include a sender

reporting mistreatment by a spouse to a welfare agency or a 

"whistle-blower" who fears retaliation. However, spoofing anyone other 

than yourself is illegal in some jurisdictions.

Possibilities: 
 E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending

e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF 

RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often 

taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use 

it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message 

information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the

sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message

that you didn't write.

Methods:

Because many spammers now use special software to create random sender addresses, even if the user finds

the origin of the e-mail it is unlikely that the e-mail address will be active.

The technique is now used ubiquitously by bulk e-mail software as a means of concealing the origin of the 

propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for 

e-mail addresses within the address book of a mail client, and use those addresses in the From field of 

e-mails that they send, so that these e-mails appear to have been sent by the third party. Newer variants 

of these worms have built on this technique by randomising all or part of the e-mail address. A worm can 

employ various methods to achieve this, including:

• Random letter generation
• Built-in wordlists
• Amalgamating addresses found in address books

Squirrel Mail Spoofing: 
Spammers are also using other methods to spoof and send spam via web based emails. First the spammers 

deploy brute force robots where they attempt to guess a common password.  The spammer’s robot takes 

advantage of common situations like known passwords and will send random query of all possible users and 

passwords for months and even years.

          Using robots the spammer can send hundreds of queries per minute. Once the password of users online 

is guessed the spammer will login via webmail which is usually installed on many servers. SquirrelMail is 

commonly used. They then change the ‘Personal Information’ to spoof their spam. Here the spammer changes 

everything so the reply address is listed but the actual server address is valid. For example if the domain is 

abc.com the spammer will leave this in the emailaddress field because most servers will deny or fail via 

authentication anything that does not have the server domain. However the spammer changes the reply address, 

which often enables them to get replies. The spammers are also time efficient in that they do not want to copy 

and paste the body of the message. So they insert the spam in the SIGNATURE contents.

The spammer can now send email like a regular user. They compose a new email. They insert recipients 

in the BCC field and their spam contents are automatically inserted. This is how email is being spoofed and

spam mails are sent.

Posted in: Autofilter Spam,computer virus,email client support,free,how to,PC Support,spoofing,tech support,Technical Support,TechSupp247