Monday, June 18, 2012

Email sender spoofing is "alive and well", sometimes as part of a DOS attack


Today I got an AOL email from a “real world” friend with no subject.  First, I wish email programs would require a subject. 

I was suspicious, so I opened it on an old computer that I use for background testing of Internet stuff and never do any work requiring passwords or personal information on.  (I don’t network my own computers directly  or use P2P.) 

It gave a link to “cpit.ca/blog” and Firefox MyWOT and McAfee said this host is OK.  I linked on the old computer, and the website tried to take me to an obscure social networking site that Chrome would not connect with (either URL or security issues).   This appeared to be a badly coded attempt to earn quick money (probably Russian) through malware by getting users to give page requests and perhaps take a survey (a well-known scam based on Facebook misspellings, leading to cell phone spam from sites like "guessology"). 

I couldn’t tell easily from the header detail on AOL whether the email had really been sent from the person’s computer (by hijacking it, logging on to make the computer a zombie, as with a DOS attack, or by P2P), or if the email sender address has simply been spoofed.  The email came from Yahoo!, and didn't appear to be a Microsoft Outlook exploit (as was common about twelve years ago). 

Either way, sender spoofing (directly or indirectly) still seems to happen a lot. 


No comments: