[Dshield] Clever Virus or Coincidence?

Blanchard, Joe BLANCHAJ at bsci.com
Mon Mar 22 15:31:06 GMT 2004


That seems to be the problem with M$s email clients that
they don't come right out and explain to the end-user that the
email was "from the internet" versus an internal one. One can
determine this by viewing the headers, etc., but a majority
of end users don't know about this, and simply trust a
"Display Name" as if it were legitimate and came from an
internal source. Wish they would change that to something
that flagged the email and prompted the user that the
source was not trusted.

just my 2¢s tho
-Joe

> ----------
> From: 	list-bounces at dshield.org[SMTP:list-bounces at dshield.org] on
> behalf of David Sentelle[SMTP:David.Sentelle at cnbcbank.com]
> Sent: 	Monday, March 22, 2004 10:09 AM
> To: 	list at dshield.org
> Subject: 	[Dshield] Clever Virus or Coincidence?
> 
> 
> I'm scanning the machines at the moment, but an odd thing happened this
> weekend.  We got viruses in our email.  Of course, that's not the weird
> part.  
> 
> The weird part was that the spoofed sender's address was an internal
> user's address.  I don't expect that I've actually got an infected
> machine, as the source in the headers was an external machine and the
> virus got stripped by our mail scanner.  I'm still scanning both the
> sender's and receiver's PCs.
> 
> It's made me wonder though, if a new or existing virus's logic is to
> match up email addresses based on domain, and to spoof one user's
> address when sending viruses to other users in that domain.  For
> corporations at least, this should yield a much higher infection rate,
> as who doesn't trust internal company email?
> 
> 
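
The header check discussed in this thread (internal sender address, external source in the headers) can be automated at the mail gateway. The following is an added example, not code from either poster; the domain `example.com`, the `10.0.0.0/8` range, the label names, and the assumption that the gateway records the connecting peer's IP in brackets are all hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumed for this example: the organisation's mail domain and the address
# range its own mail servers and clients use.
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Bracketed IPv4 of the connecting host, as in "from name ([192.0.2.1]) by ...".
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def entered_from_outside(msg):
    """True if any Received hop records a connecting peer outside INTERNAL_NETS."""
    # The gateway's own Received header sits above anything the sender
    # supplied, so forged lower headers cannot hide the external hop.
    for hop in msg.get_all("Received", []):
        for ip in PEER_IP.findall(hop):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                return True  # malformed address: never treat as internal
            if not any(addr in net for net in INTERNAL_NETS):
                return True
    return False

def classify(raw):
    """Return 'internal', 'external' or 'external-claims-internal'."""
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    claims_internal = addr.rpartition("@")[2].lower() in INTERNAL_DOMAINS
    if not entered_from_outside(msg):
        return "internal"
    return "external-claims-internal" if claims_internal else "external"

# Constructed sample messages (not taken from the thread).
HOP = "Received: from {} ([{}]) by mx.example.com; Mon, 22 Mar 2004 09:00:00 -0500\n"
SAMPLES = {
    "genuine": HOP.format("pc17.example.com", "10.1.2.3") + "From: Alice <alice@example.com>\n\nhi\n",
    "spoofed": HOP.format("host.example.net", "203.0.113.45") + "From: Alice <alice@example.com>\n\nhi\n",
    "outside": HOP.format("mail.example.org", "198.51.100.7") + "From: Bob <bob@example.org>\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

A gateway could use the `external-claims-internal` result to tag the subject line or quarantine the message, since the display name alone gives the recipient no such signal.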



