January 29, 2011

Email Spoofing

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.

E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.


Because many spammers now use special software to create random sender addresses, even if the user finds the origin of the e-mail it is unlikely that the e-mail address will be active.
The technique is now used ubiquitously by bulk e-mail software as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for e-mail addresses within the address book of a mail client, and use those addresses in the From field of e-mails that they send, so that these e-mails appear to have been sent by the third party. Newer variants of these worms have built on this technique by randomising all or part of the e-mail address. A worm can employ various methods to achieve this, including:
  • Random letter generation
  • Built-in wordlists
  • Amalgamating addresses found in address books

SquirrelMail Spoofing:
Spammers also use other methods to spoof and send spam via web-based e-mail. First, the spammers deploy brute-force robots that attempt to guess common passwords. The spammer's robot takes advantage of common situations such as known passwords, and will send random queries of all possible users and passwords for months and even years.

Using robots, the spammer can send hundreds of queries per minute. Once a user's password is guessed, the spammer logs in via webmail, which is installed on many servers; SquirrelMail is commonly used. They then change the 'Personal Information' settings to spoof their spam. Here the spammer changes everything so that a reply address of their own is listed while the sending address stays valid for the server. For example, if the domain is abc.com, the spammer will leave this in the e-mail address field, because most servers will deny, or fail authentication for, anything that does not carry the server's domain. However, the spammer changes the reply address, which often enables them to get replies. The spammers are also time-efficient: they do not want to copy and paste the body of the message, so they insert the spam in the SIGNATURE contents.
The spammer can now send email like a regular user. They compose a new email. They insert recipients in the BCC field and their spam contents are automatically inserted. This is how email is being spoofed and spam mails are sent.
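The pattern described above leaves three traces in a submitted message that a mail administrator can check for. The sketch below is an added example, not code from the original post: the sample messages are constructed, `triage` is a hypothetical helper, abc.com is the post's example domain, and the conventional `-- ` signature delimiter is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "abc.com"  # the post's example domain

# Constructed sample messages as submitted by webmail (not real mail).
NORMAL = ("From: Alice <alice@abc.com>\nTo: bob@example.org\n"
          "Reply-To: alice@abc.com\nSubject: Minutes\n\nNotes attached.\n-- \nAlice\n")
HIJACKED = ("From: Alice <alice@abc.com>\nReply-To: deals@example.net\n"
            "Subject: Hello\n\n\n-- \nLimited offer, reply today\n")

def _addrs(msg, *headers):
    """Lower-cased addresses from the named headers, ignoring empty entries."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return [a.lower() for _, a in getaddresses(values) if "@" in a]

def triage(raw, local_domain=LOCAL_DOMAIN):
    """Return the indicators from the section above that one message shows."""
    msg = message_from_string(raw)
    findings = []
    senders = _addrs(msg, "From")
    if not senders or not senders[0].endswith("@" + local_domain):
        return findings  # not sent under our domain; out of scope here
    # 1. From keeps the server's domain, Reply-To points somewhere else.
    foreign = [a for a in _addrs(msg, "Reply-To")
               if not a.endswith("@" + local_domain)]
    if foreign:
        findings.append("reply-to outside %s: %s" % (local_domain, ", ".join(foreign)))
    # 2. No visible recipients: everything was placed in BCC.
    if not _addrs(msg, "To", "Cc"):
        findings.append("no To/Cc recipients (BCC-only)")
    # 3. Nothing typed above the signature delimiter: the signature is the message.
    if not msg.is_multipart():
        lines = msg.get_payload().splitlines()
        if "-- " in lines and not any(l.strip() for l in lines[:lines.index("-- ")]):
            findings.append("body is signature only")
    return findings

if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("hijacked", HIJACKED)):
        print(name, triage(raw))
```

Any single indicator also occurs in legitimate mail, so treat the count per account over time as the signal, alongside failed-login volume from the webmail logs.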

