[DeTomaso] creepy

asajay at asajay.com asajay at asajay.com
Wed Feb 6 13:42:59 EST 2008


A scammer can fake an outgoing email address and spoof most of the  
header.  However, there are other tell-tale signs that indicate the  
email is coming from the detomaso forum server, as being relayed from  
a legitimate subscribed member.

That is NOT to say the infected machine is being held by a member on  
this list, only that in order to get an email through the forum, you  
must use a subscribed address.

On the server side of things, the thing to check is the origin IP of  
the incoming message, which probably can't be spoofed so easily since  
you're not looking in the header of the email, you're looking at the  
server logs.  It's tricky, and takes time to investigate.

But it is my opinion that the spam/virus emails are coming -through-  
the detomaso email server, but may -not- necessarily be generated by a  
subscribed member's computer and are most likely -not- being generated  
-by- the detomaso server.

my two cents,

Asa Jay

Quoting Christopher Kimball <chrisvkimball at msn.com>:

>
> I've heard that some scammers can hijack email addresses and send   
> things through them to avoid detection.
>
> Chris
>> Date: Wed, 6 Feb 2008 06:47:03 -0800
>> From: asajay at asajay.com
>> To: detomaso at realbig.com
>> Subject: Re: [DeTomaso] creepy
>>
>> Looking at the headers of many of these it does appear as though the
>> forum is the sending party. However, that may simply mean that
>> something is sending to the forum and the forum is doing its normal
>> thing, relaying the message. So this leads me to believe Charlie is
>> correct. The thing to do as a forum admin, is to scrub the incoming
>> message for clues of its origin and then maybe we'd get some traction on
>> the source.
>>
>> Asa Jay
>>
>> Asa Jay Laughton, MSgt, USAFR, Retired
>> & Shelley Marie
>> Spokane, WA
>>
>> 1973 Pantera L 5533
>> [ASASCAT]
>>
>> ******************************
>> http://www.asajay.com
>> http://www.351c.info
>>
>> Charles McCall wrote:
>>> The spambot armies are doing battle. This is a man-in-the-middle style
>>> attack from scraped Google mailing list archive email addresses.
>>>
>>> The 'From' field is easily spoofed on email from zombie spamming computers
>>> to lull the recipient into opening an attachment that can take over your
>>> machine if you don't have virus protection (and open it).
>>>
>>> Time to anonymize email addresses in the archives that let search engines
>>> index?
>>>
>>> ***I'm not sure if the e-mail addresses came from the archives. I tend to
>>> agree with the opinion of someone last week that said that someone on the
>>> list is infected with a virus that uses their address book to send out spam.
>>>
>>> Of course we're safe because the Forums software strips attachments to
>>> protect us from this very problem, but it is kind of weird. I'm not a
>>> computer expert, but I'm not really sure how a list administrator could
>>> prevent this either... I think that the solution is for everyone to run a
>>> virus check on their computer so that the "guilty party" gets healthy again
>>> and stops spamming us!
>>>
>>> Of course, all that is just a theory of course...
>>>
>>> _______________________________________________
>>>
>>> Detomaso Forum Managed by POCA
>>>
>>> Archive Search Engine Now Available at http://www.realbig.com/detomaso/
>>>
>>> DeTomaso mailing list
>>> DeTomaso at list.realbig.com
>>> http://list.realbig.com/mailman/listinfo/detomaso
>>
>> _______________________________________________
>> Detomaso Forum Managed by POCA
>> Archive Search Engine Now Available at http://www.realbig.com/detomaso/
>> DeTomaso mailing list
>> DeTomaso at list.realbig.com
>> http://list.realbig.com/mailman/listinfo/detomaso
> _______________________________________________
>
> Detomaso Forum Managed by POCA
>
> Archive Search Engine Now Available at http://www.realbig.com/detomaso/
>
> DeTomaso mailing list
> DeTomaso at list.realbig.com
> http://list.realbig.com/mailman/listinfo/detomaso
>
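An added example, not part of the original post or of the list server's own tooling: one way to do the server-side check described above, pulling the connecting IP for each accepted message out of the mail server log instead of trusting the From header. The Postfix-style log format, the addresses and the IPs are constructed assumptions, since the thread does not say which mail software the list runs.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix-style syslog format (an assumption;
# the thread does not name the list's mail server). IPs are documentation ranges.
SAMPLE_LOG = """\
Feb  6 06:40:01 list postfix/smtpd[2101]: 4A1B2C3D: client=mail.example.org[192.0.2.10]
Feb  6 06:40:01 list postfix/qmgr[990]: 4A1B2C3D: from=<alice@example.org>, size=2100, nrcpt=1 (queue active)
Feb  6 06:41:15 list postfix/smtpd[2102]: 5B2C3D4E: client=unknown[203.0.113.77]
Feb  6 06:41:15 list postfix/qmgr[990]: 5B2C3D4E: from=<alice@example.org>, size=48213, nrcpt=1 (queue active)
Feb  6 06:42:30 list postfix/smtpd[2103]: 6C3D4E5F: client=unknown[203.0.113.77]
Feb  6 06:42:30 list postfix/qmgr[990]: 6C3D4E5F: from=<bob@example.net>, size=48190, nrcpt=1 (queue active)
"""

# smtpd logs the TCP peer that handed the message over; qmgr logs the envelope sender.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)\[([^\]]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")

def origins(log_text):
    """Map queue ID -> {'ip': connecting IP, 'sender': envelope sender}."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            msgs[m.group(1)]["ip"] = m.group(3)
            continue
        m = FROM_RE.search(line)
        if m:
            msgs[m.group(1)]["sender"] = m.group(2).lower()
    return dict(msgs)

def ips_using_many_senders(msgs, threshold=2):
    """Return {ip: sorted senders} for IPs that submitted mail under
    `threshold` or more different envelope senders."""
    by_ip = defaultdict(set)
    for rec in msgs.values():
        if "ip" in rec and "sender" in rec:
            by_ip[rec["ip"]].add(rec["sender"])
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= threshold}

if __name__ == "__main__":
    msgs = origins(SAMPLE_LOG)
    for qid, rec in msgs.items():
        print(qid, rec.get("ip"), rec.get("sender"))
    print("leads:", ips_using_many_senders(msgs))
```

An IP that submits mail under several subscribers' addresses is a lead for the list admin to follow up, not proof that any one subscriber's machine is the source.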





