February 24, 2008

E-mail Spoofing

I have received a number of questions lately about e-mail spoofing, so today, I will discuss the topic and let you know what you can do to fight against this type of e-mail identity theft. Let's get started!

For those of you who have never heard of this, here is a little information about e-mail spoofing.

E-mail spoofing is a common trick used by spammers and phishers. It involves forging the information in an e-mail's header. Most e-mail programs hide the full header from the reader, but it carries the addressing and routing information for the message: who it claims to be from, who it is addressed to, and which mail servers handled it along the way. When an e-mail is spoofed, that information is altered so the message appears to come from someone who never sent it. Have you ever received an e-mail that claims to be from your own e-mail address, even though you know you didn't send it? That's a spoofed e-mail.

Now that we know what e-mail spoofing is, it's important to understand where it comes from. There are two main sources of spoofed e-mail: spammers and phishers on the one hand, and viruses on the other.

If an e-mail address is spoofed by a spammer, it's likely that the "spammer" is actually a computer program, not a person sending one e-mail at a time. Spam bots can send millions of e-mails a day, and they use spoofing to get around the filters that try to block their messages. A spam bot will usually do one of two things when spoofing e-mail addresses:

1.) The spam bot will send e-mails with random spoofed e-mail addresses. This means that every e-mail they send will appear to come from a totally different person.

2.) The spam bot will send e-mails to your address that appear to be coming from your address. This means you will get e-mails that appear to be from yourself, but you did not send them.

If an e-mail is spoofed by a virus, you will see similar results. The main difference is that the spoofed e-mails will look like they're coming from people you know. To spread, the virus harvests the addresses in the Contacts folder of the infected computer and puts them in the From line of the e-mails it sends out. That way, the recipients may be fooled into opening the e-mail, thinking it's from someone they know.

Right now, there is a big debate in the tech world about how to stop e-mail spoofing. The protocol used to send e-mail (SMTP) does not verify who a message is from: anyone can write whatever they like in the From line, and the receiving server will accept it. Add-on standards that let a domain publish which servers are allowed to send its mail (SPF) or sign its outgoing messages (DKIM) already exist, but until senders and receivers adopt them widely, nothing stops a spoofed e-mail from being sent. Hopefully, within a couple of years, sender authentication will be common enough that a spoofed e-mail is rejected before it ever reaches you.

Until then, here are a few things you can do to try and fight against e-mail spoofing.

If you think you have received a spoofed e-mail, you can do some digging and report it. The first thing to do is look at the header of the e-mail. Finding the header is a little different in each e-mail program. In Outlook Express, right-click the e-mail's subject line and choose Properties, then go to the Details tab and you will see the header. If you don't use OE, look for a View Header (or View Source) option in your e-mail program.

Here's what a normal header looks like:

As you can see, it's pretty complicated, but the good news is you only need a little of the information in the header. The two things to compare are the From line (who the message claims to be from) and the Received lines (which record each mail server that actually handled the message). In this header, the e-mail is from gary@worldstart.com. This is a non-spoofed e-mail.

Here's an example of a spoofed e-mail:

In this header, the Received lines show the message was actually handed off by smtp007.bizmail.sc5.yahoo.com, a Yahoo business-mail server, while the Reply-To line at the bottom shows aw-confirm@ebay.com. A message genuinely from eBay would not be injected through a Yahoo mail account, so this is a spoofed e-mail.
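To make that comparison concrete, here is an added example (not part of the original post, and not a WorldStart tool) that parses a raw header and checks whether the domain in the From line matches the mail server that first handled the message, and whether Reply-To points somewhere else. The two sample headers are constructed for this example: the hostnames, IP addresses and message IDs are made up, modeled on the eBay/Yahoo case described above.

```python
"""Flag likely-spoofed mail by comparing the claimed sender with the header trail.

Added example, not code from the original post. It runs offline on two
constructed header blocks (all hosts, addresses and IDs are made up).
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modeled on the spoofed eBay message in the text: the
# earliest Received: line names a Yahoo business-mail server, but From: and
# Reply-To: claim eBay.
SPOOFED_HEADER = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id 0123456789
\tfor <victim@recipient.example>; Sun, 24 Feb 2008 10:00:00 -0500
Received: from smtp007.bizmail.sc5.yahoo.com (smtp007.bizmail.sc5.yahoo.com [198.51.100.7])
\tby mail.example.net with SMTP; Sun, 24 Feb 2008 09:59:58 -0500
From: "eBay" <aw-confirm@ebay.com>
Reply-To: aw-confirm@ebay.com
To: victim@recipient.example
Subject: Question about your account
Message-ID: <1234@smtp007.bizmail.sc5.yahoo.com>

(body omitted)
"""

# Constructed sample of a non-spoofed message: the sending domain and the
# first relay agree.
LEGIT_HEADER = """\
Received: from mail.worldstart.com (mail.worldstart.com [192.0.2.20])
\tby mx.recipient.example (Postfix) with ESMTP id 9876543210
\tfor <victim@recipient.example>; Sun, 24 Feb 2008 08:00:00 -0500
From: gary@worldstart.com
To: victim@recipient.example
Subject: Today's tip

(body omitted)
"""


def registrable_domain(hostname):
    """Collapse a hostname to its last two labels.

    Simplification for the example: it ignores multi-label public suffixes
    such as co.uk, which a real implementation would look up.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def originating_relay(msg):
    """Return the host named in the 'from' clause of the earliest Received: line.

    Each hop prepends its own Received: header, so the last one in the list
    is the first server that accepted the message. Only the line added by
    your own server is trustworthy; a spammer can forge earlier ones.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.match(r"from\s+([A-Za-z0-9.\-]+)", received[-1].strip())
    return match.group(1) if match else None


def _domain_of(address):
    return registrable_domain(address.rpartition("@")[2]) if "@" in address else None


def analyze(raw_header):
    """Compare From:, Reply-To: and the first relay; report mismatches."""
    msg = message_from_string(raw_header)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain_of(from_addr)
    reply_dom = _domain_of(reply_addr)
    relay = originating_relay(msg)
    relay_dom = registrable_domain(relay) if relay else None

    findings = []
    if from_dom and relay_dom and from_dom != relay_dom:
        findings.append(f"From: claims {from_dom} but the first relay is {relay} ({relay_dom})")
    if from_dom and reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To: domain {reply_dom} differs from From: domain {from_dom}")

    return {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        "originating_relay": relay,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for label, header in (("spoofed", SPOOFED_HEADER), ("legit", LEGIT_HEADER)):
        result = analyze(header)
        print(label, "suspicious" if result["suspicious"] else "ok", result["findings"])
```

Treat a mismatch as a reason to look closer, not as proof: newsletters, mailing lists and outsourced mail providers legitimately send from servers outside the From domain, and a spammer can forge every Received line except the one your own server added.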

When you have a spoofed e-mail, contact the abuse desks of both domains involved, as well as the FTC's spam-fighting division. To do that, copy the full header and paste it into a new e-mail. Address the e-mail to the company being spoofed; larger companies publish an abuse address (usually abuse@theirdomain.com), so in this case it would be abuse@ebay.com. Also address the e-mail to spam@uce.gov and, lastly, Cc the domain the message actually came through (in this case, abuse@yahoo.com).

I know this is a lot to take in, but hopefully it will help you defend your own e-mail address from spammers, as well as help others who are being spoofed. Until next time, stay safe out there, my friends!

December 5, 2007

Police Blotter: Verizon forced to turn over text messages

By Declan McCullagh, News.com
Published on ZDNet News: Dec 5, 2007 6:30:00 AM
Police Blotter is a weekly News.com report on the intersection of technology and the law.

What: U.S. Department of Justice seeks archived SMS text messages from Verizon Wireless without obtaining a warrant first.

When: District judge rules on October 30; magistrate judge completes review of archived text messages on Friday.

Outcome: Prosecutors receive the complete contents of defendant's text messages.

What happened, according to court documents:
It may not be that well known outside of police and telecommunications circles, but odds are excellent that your mobile phone provider saves copies of your SMS text messages. In a case that Police Blotter wrote about last year, federal police obtained logs of archived text messages from two unnamed wireless providers.

In addition, a judge in the Kobe Bryant sex case ordered the phone provider to turn over archived messages. Text messages were also part of the trial involving the attempted murder of rapper 50 Cent.

(By the way, here is one way to send almost-anonymous text messages.)

The most recent case dealing with SMS text messages does not involve a celebrity, though. It involves Susan Jackson, who pleaded guilty to wire fraud involving unauthorized transfers from her employer's bank account to her own NASA Federal Credit Union account.

To buttress her request for a minimum sentence, Jackson submitted letters that she said were from friends, employers, and relatives, but the U.S. Secret Service asserts the documents were altered or doctored. If that is true, it could amount to an additional charge of obstruction of justice.

One person allegedly said that Jackson urged him, "using text messaging and e-mail," to go along with the alterations.

The U.S. Department of Justice asked for a subpoena ordering Verizon Wireless to turn over the contents of text messages for phone number (301) 325-XXXX. The request was made under 18 U.S.C. 2703(b)(1)(B)(i) and (ii), which do not require probable cause and a search warrant. Instead, all prosecutors must do is claim, and this is much easier, that the records are "relevant and material" to an investigation. (The Justice Department says this is fine because the text messages were "opened communications," meaning that they were already read by the recipient and should therefore be easier to obtain.)

Jackson's lawyer opposed the request, saying that a proper search warrant was required. On October 30, U.S. District Judge Richard Roberts sided with the prosecution and said that only a subpoena was needed.

Verizon complied. It turned over three sets of documents: information about the account holder linked to that phone number, a list of the complete contents of the text messages sent or received by cellular telephone number (301) 325-XXXX between June 6 and October 31, 2007, and a log of whom Jackson sent messages to from her Verizon e-mail address. Note that Verizon did not keep copies of the actual contents of her e-mail messages.

Because Jackson alleged that the text messages might involve sensitive attorney-client communications, the court appointed a magistrate judge to review them. Magistrate Judge Alan Kay concluded that the text messages did not involve attorney-client privilege and recommended they be turned over to prosecutors "in their entirety."

Excerpts from Justice Department's brief:
Unfortunately, the defendant's Internet services provider, Verizon Internet Services, Inc., has advised the government that it does not store the content of its subscribers' e-mail communications…

It does maintain, however, a "transactional log" for its accounts, including the defendant's account…Since the information will not contain the content of any communications, it is not believed that the defendant has any basis to contest production.

Excerpts from magistrate judge's report:
Verizon produced a package with the contents of text messages that were sent or received by cellular telephone number (301) 325-(XXXX) between June 6 and October 31, 2007. While a few of the messages make reference to Jackson's court case or meetings with her attorney, none of them appear to contain any communications between Jackson and her attorney. For example, on June 6, 2007, at 3:11 p.m. the cellular phone number in question received a text message from cellular phone number (240) 687-(XXXX) that asked "When is ur crt. date?" and approximately one minute later cellular phone number (301) 325-(XXXX) responded "29th." Approximately four minutes later, the person sending messages from (240) 687-(XXXX) then asked, "Did u get all the letters u needed? And what is ur atty. saying?" to which the person sending messages from (301) 325-(XXXX) responded "I meet w/her on Friday." The undersigned did not locate any other text messages that appear to relate to Jackson's court case or that might constitute a communication between Jackson and her attorney…

Verizon made no representations that the package produced reflected all text messages sent or received by (301) 325-(XXXX). The government's subpoena requested text message information from June 21, 2007 until the date of Judge Roberts' Order on October 30, 2007. The messages actually produced cover the following dates (all in 2007): June 6, June 12-14, June 17, June 19, July 3-4, and October 23-31. Whether any messages were sent or received on other days during this time period, and if so why Verizon did not produce them, is unclear.

Verizon produced transaction logs for Jackson's e-mail address…The e-mail transaction log indicates the date and time that each e-mail was sent and the e-mail address of the recipient. The pages of the transaction log that Verizon provided contain records of e-mails sent by Jackson between June 11, and July 9, 2007. The log shows 33 e-mails between Jackson and her attorney, Dani Jahn of the Federal Public Defender's Office, between June 13 and July 9, 2007. Verizon did not produce the contents of any of these e-mails….

October 24, 2007

Gmail Apparently Enabling IMAP Support

The folks over at Download Squad have stumbled across persuasive evidence that Google is adding IMAP support to Gmail. While the option to use IMAP has not shown up in my Gmail account yet (or in any other blogger's, for that matter), they point to this Google help center page, which confirms the speculation. We've been tracking new Gmail features for some time; IMAP was the final piece of the puzzle.

IMAP support has been the primary reason I have personally held back from using Gmail for my primary email account. If you don't know about IMAP, it keeps the mailbox on the server and lets you manage it from different computers and clients without replication problems. For example, if you delete a message in Thunderbird, that message will no longer show up when you use the webmail interface. With POP, the primary alternative to IMAP, each client downloads its own copy of every message, so you would have to delete the message in both places. IMAP therefore keeps every point of access in sync, whereas POP never realizes that you want to deal with each message once.

We'll have to see how Google plans to monetize Gmail with IMAP, since enabling IMAP means that people like me will almost never bother to use the webmail interface, and therefore never see Google advertisements. Maybe they are betting that most people will simply not use IMAP, or maybe they have other advertising tricks up their sleeves. Perhaps it's too early to speculate until we actually see this feature enabled for everyone.

October 11, 2007

Greetings…you’re infected

By William Kilmer, News.com

Published on ZDNet News: Oct 8, 2007 4:00:00 AM

The Storm Worm ranks as one of this year's most virulent and persistent viruses. After making a January debut, transported by e-mail, the virus was notable for the more than 50,000 variants that it subsequently spawned.

The Storm Worm has since continued unabated, most recently in the form of Web-based attacks. E-mails socially engineered to look like electronic greeting cards, linking to a Web site that hosts the malware, sailed past traditional e-mail antivirus gateways because there was nothing in the message itself to scan. The Storm Worm's shift to the Web reflects a growing trend of Web-based malware attacks launched through e-mail.

The simple logic behind these e-mail-based blended threats is astoundingly effective: no attachment means no antivirus block. And when combined with a user-friendly invitation, it creates the opportunity for a high infection rate.

Blended threats easily lead people to Web sites where malware gets downloaded, often without the user's interaction or knowledge. The industry is just now realizing the severity of the problem. Researchers at Google recently published a paper concluding that approximately 10 percent of the URLs they reviewed served "drive-by downloads" of malware binaries, with many more flagged as suspicious.
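The blended-threat pattern above is a message with no attachment and a link that does the work. As an added example (not code from the original article or from Avinti), the script below pulls the links out of such an e-mail and applies the checks a mail gateway can run without scanning an attachment: a blocklist lookup, a link that points at a bare IP address rather than a hostname, a link that lands directly on an executable, and a visible URL that names a different host than the real destination. The sample e-mail, hostnames, IP address and blocklist are all constructed for this example.

```python
"""Extract the links from an e-mail and flag greeting-card-style lures.

Added example, not part of the original article. Everything it runs on is
constructed here: the message, the hosts, the IP and the tiny blocklist.
"""
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an "e-card" lure with no attachment, only links. The
# first link shows a friendly-looking URL but really points at an executable
# on a bare IP address.
SAMPLE_EMAIL = """\
From: "Greeting Cards" <cards@ecard-example.com>
To: victim@recipient.example
Subject: You've received a greeting card!
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>A friend has sent you a card. Click to view it:</p>
<p><a href="http://203.0.113.45/ecard.exe">http://www.ecard-example.com/view</a></p>
<p>Or visit <a href="http://www.ecard-example.com/view">our site</a>.</p>
</body></html>
"""

# Constructed blocklist. In practice this would come from a shared feed of
# known malware hosts; as the article notes, such lists lag behind sites
# that live for only hours, which is why the heuristics below exist too.
BLOCKLIST = {"203.0.113.45", "malware.example.net"}

EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "bat", "com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def html_body(msg):
    """Return the decoded text/html part of the message, or an empty string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, "replace")
    return ""


def analyze_links(raw_email, blocklist=BLOCKLIST):
    """Return a list of suspicious links, each with the reasons it was flagged."""
    msg = message_from_string(raw_email)
    collector = LinkCollector()
    collector.feed(html_body(msg))

    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        reasons = []
        if host in blocklist:
            reasons.append("host on blocklist")
        if is_ip_literal(host):
            reasons.append("bare IP address instead of a hostname")
        if parsed.path.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXTENSIONS:
            reasons.append("link points straight at an executable")
        # Visible text that looks like a URL but names a different host than
        # the real destination is the classic display/target mismatch.
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != host:
            reasons.append(f"displayed {shown} but points to {host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The heuristics are deliberately independent of the blocklist: a site that is registered, used and abandoned within hours will rarely be on any list yet, but a link whose displayed text disagrees with its real target, or which hands the browser an .exe from a bare IP, looks wrong on the first message it appears in.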

Our research at Avinti examined URLs being "advertised" through e-mail by spammers, and we found similar results: 40 percent of all e-mails contain at least one URL, and of those, approximately 7 percent linked to a malware site.

Malware once lurked in the dark corners of the Internet, but recent hacks have shifted it to the places we all frequent. For evidence, look no further than this year's hacking of the Web site for Dolphin Stadium, home of the Super Bowl, or of the Sydney Opera House. Even popular social-networking sites like MySpace and Facebook have been platforms for exploits. Yes, the sites we visit daily and trust may be the biggest threats we face in the future, and we may be lured there by an innocuous e-mail link to view a greeting, blog or video.

The new Web (2.0) is a fertile breeding ground for malware. Links, blog postings, shared applications and syndicated traffic are all backdoor opportunities for unknown exploits to invade legitimate sites.

At the same time, traditional tools such as Web filters, originally built for blocking objectionable content, struggle to catch these attacks just as antivirus products struggle to keep up with ever-changing e-mail-borne attacks. Spammers and hackers have automated the process so that a site can be up and running, and then gone, within a matter of hours: long enough to carry out its attacks. Like the Storm Worm variants, these sites may be up, active and out of business before a bad URL or IP address is ever logged.

Given how often hackers hijack a legitimate Web site to insert malware, as in the attack that spoofed the Better Business Bureau, blocking a whole domain or subdomain is becoming more problematic. What about linked pages? Are they blocked by association, or only if they serve up the malicious link? What if a single IP address hosts both malware and legitimate sites? Without finer control, we may end up either blocking too much or jeopardizing our trust in valid Web sites.

Fortunately, there is some light now that we have recognized the problem. Organizations like Stopbadware.org and Google are beginning to address ways to share information on malware sites. More vigilance by social sites and IT directors on patching and maintaining their Web sites is going to become more critical than ever.

In addition, vendors increasingly realize that since hackers and spammers don't treat e-mail, IM and the Web as separate channels, defenders can't afford to either. What we need now are proactive solutions that are as dynamic as the attacks they are trying to prevent, and that can detect both known and unknown threats, whether on the Web, in e-mail or over IM. Until then, beware the next time you get an e-mail greeting card.

Pasted from <http://news.zdnet.com/2010-1009_22-6211929.html?tag=nl.e550>

Technology Shakedown #9: Why AOL, Google, Microsoft, and Yahoo are to blame for spam

October 5th, 2007

Posted by David Berlind @ 9:33 am

Yesterday was the last straw for me when it comes to the way spam is impacting my work. First, before purging the junk mail folder in my Outlook, I did a quick scan only to notice that almost every other e-mail that was classified as spam was actually a legitimate e-mail that should have flowed into my inbox. Why was it in my junk mail folder? I have no idea. That’s part of the problem. In many cases (not all), you can’t look at the e-mail, see what the offending issue was, and notify the sender of why their e-mails are getting classified as spam.

But that wasn’t all that happened yesterday. For the events company (Mass Events Labs) that Doug Gold and I co-own to produce Mashup Camp, Startup Camp, and other events, we use a masseventslabs.com-specific context of Google Apps for e-mail, documents, spreadsheets, etc. In other words, when Doug and I send e-mail to each other through the masseventslabs.com domain, both he and I are sending and receiving from and to a Google Apps-based version of Google’s GMail. Yet somehow (as you can see in the attached video), yesterday, when he replied from his Google Apps account to an important e-mail that I sent to him via my Google Apps account, GMail redirected his reply to my spam folder. How can this be? That’s the equivalent of users of the same, behind-the-firewall copy of Microsoft’s Exchange Server not being able to send e-mail to each other because it’s getting classified as spam. Surely, an e-mail server has some idea of when the source of e-mail is itself.

So, what's the problem and who's to blame for "friendly fire" and other SNAFUs in the battle against spam? The problem is that the major e-mail technology providers won't work together to come up with some standard approaches to stopping spam. And when I say major, I mean AOL, Google, Microsoft, and Yahoo. If those four companies simply got together and said it's time to fix the problem and here's how we're going to fix it, the rest of the world would have no choice but to follow. Don't agree with me? Watch the video. From my interview the other day with Matt Glotzbach, director of product management for Google Enterprise, I extracted the part where he unequivocally agreed that that's all it would take.

Yet, here we are, more than five years after the major e-mail tech providers said that they'd find a way to curb the problem, and the situation is markedly worse. Markedly. Compounding the problem is that there is some cooperation going on between pockets of vendors and Web sites here and there. But the end game there will be separate Internets. If Yahoo! and eBay get together as they've just done to address phishers going after users of eBay and PayPal and Google does something different with GMail to address phishers going after users of Google Checkout, pretty soon, you end up in a situation where you have to enter completely different multi-site contexts (walled Internet silos) to get anything done. That was not the idea behind the Internet.

So, are you outraged enough to join me in taking action? How can we (you and I) solve the problem? We have to put the pressure on AOL, Google, Microsoft, and Yahoo. I've recorded a video Technology Shakedown (see above) and I've licensed it under a Creative Commons license that allows you to re-use it anywhere you want. It's not easy to grab our videos from ZDNet (I'll work on that). So, if you want a copy of the video to paste into your blog or Web site, feel free to grab the YouTube version. Maybe together, we can all send a clear message to these four technology providers that it's time to stop dilly-dallying and to lead the Internet to a standard "stack" of anti-spam solutions that will have most spammers and phishers looking for a new line of work.

David Berlind has been Executive Editor at ZDNet since 1998 and has been a technology journalist since 1991. Although he can't respond to all e-mails, he reads them all. You can reach David at david.berlind AT cnet.com. If you don't want the content of your e-mail to turn up in a blog entry, make sure you say so. To the extent that most e-mail he receives looks to sway his opinion about something, he usually looks to pass those points of view on to ZDNet's audience members for their consideration. For disclosures on David's industry affiliations, click here.

Pasted from <http://blogs.zdnet.com/Berlind/?p=817&tag=nl.e539>
