Michigan Blog - Featuring Michigan Shopping, Travel, Business & People

Someone is sending email from my email address! How do I stop them?!

Before I get started on my article - I want to apologize for not writing for a couple of weeks. I had a normal flu turn into a nightmare. Enough of that - here goes the start of a new day!

You are minding your own business - keeping your nose clean - and one day you get email from someone you've never heard of and they're asking you to stop spamming them. Worse yet - they are livid.

They may even accuse you of sending them a virus! You don't know them, you've never heard of them, and you KNOW that you have never sent them email.

Welcome to the world of advanced viruses where you can get blamed for someone else's infection.

NOTE: There is always a small possibility that your email account has been
compromised. If that is the case - the solution is simple: change your password.
This should prevent someone who may be using your account for spamming from
continuing, assuming you chose a good password and don't share it.

The MyDoom/Novarg virus currently running rampant is a great example of this problem. The virus infects someone's machine and then looks in the email address contact book on that machine and emails a copy of itself to everyone it finds in the address book. According to FSecure:

Mydoom is a worm that spreads over email and Kazaa p2p network. When
executed, the worm opens up Windows' Notepad with garbage data in it. In emails,
it uses variable subjects, bodies and attachment names. It also performs a
Distributed Denial-of-Service attack on www.sco.com. This attack starts on 1st
of February.
The worm opens up a backdoor to infected computers. This is
done by planting a new SHIMGAPI.DLL file to system32 directory and launching it
as a child process of EXPLORER.EXE.

What it also does is forge or SPOOF the "From:" address for the email that it sends. It uses the addresses in the address book to forge the FROM. So the infected machine will send email to everyone in the address book, looking as if it was sent by other people in that address book even though it was not.

Here is an example:

• Kris's machine gets infected with the MyDoom virus. In her email contact book are entries for friends Todd, and Mary. Todd and Mary have never met, have never exchanged email, and do not know each other - they each just know Kris.
• The virus on Kris's computer will send email with the virus to Todd looking like it came from Mary. Todd may wonder who Mary is and why she's sending him a virus, but she was never involved.
• If you're in Mary's shoes, it is frustrating to be accused of something that you had nothing to do with and have no control over.
• Also, your email address may end up in the address books of people you don't know. There are many reasons - but various email programs may automatically hold on to additional email addresses that were included on emails you received in the past.
• Viruses have also been known to use other sources of email addresses (not only the contact book). So common friends may not even be involved.

Email viruses lie about who sent them.

If someone accuses you of sending a virus-laden email or off-color email, and you did not, then you have very little recourse other than trying to educate them about how viruses work. Point them at this article! An important point is that you are not necessarily infected nor is the person who received the mail. It is usually a third party who is. (And identifying that third party is very hard - this is why virus writers use this technique.)

Most importantly - don't be part of the problem. Be sure that you're not going to get infected yourself: don't open attachments from people you don't know and make sure you have an up-to-date virus checker and virus definitions file on your computer.

McAffee Internet Protection & AntiVirus Scan
Norton Internet Security and Virus Protection
WhiteCanyon Identity Theft Software
Computers & Concepts, Inc.
ESET NOD32 Antivirus Software System
Prisma Firewall - Stealth Internet Protection

Labels: Email Spoofing