Virus info but no LBC content

To: Triumphs Mailing List <triumphs@autox.team.net>
Subject: Virus info but no LBC content
From: "Jim Muller" <jimmuller@pop.mail.rcn.net>
Date: Tue, 25 Jun 2002 20:32:15 -0400

On 25 Jun 2002 at 6:45, Pete & Aprille Chadwell wrote:
> Recently I've been receiving some very odd messages...
> The message I received most recently (just minutes ago) shows a
> 'From:' address of <SENDER@autox.team.net>

Just as a point of information for everyone, this isn't hard to do.  
The "From:" field in an email message is not part of the routing 
info.  Rather, it is whatever the sender entered in his/her email 
client.  Anyone can enter just about anything they want there.  It's 
like putting a bogus return address on an envelope, except that it is 
even less significant - if email bounces, that field won't matter one 
iota, whereas a return address on an envelope determines the return 
routing.  In fact, the "ReplyTo:" field could also be bogus.  The 
only sure way to tell where a message came from is to look at its raw 
form and examine its routing info.  (Microsoft conveniently makes 
this difficult.)

The point being this:  The supposed sender of email as indicated by 
any non-routing part of the message is totally meaningless!  Do not 
ever base a "Should I open it?" decision on it.  In fact, even if the 
message actually came from the person whose name is attached, you 
still don't know if it is clean.  Many email viruses (viri?) send 
themselves by reading the address book of the infected machine.  
Someone you know may be contagious and not know it.


> Then Randall asked:

> did anyone else hear the hoax reported on KFWB (LA
> area 'all-new' radio station) that 'picture' files can now
> be infected by virii ?

Don't know if this was a hoax or not.  It was reported by McAfee, 
supposedly after the technique was discovered by someone else and 
disclosed to them.  Others questioned that this would even work, tho' 
McAfee et al. reported it as a proof of concept rather than a real 
threat at this time.  The description I saw seemed not to make much 
sense.  It seemed to require a Trojan horse being deposited on the 
host machine before the contents of the jpeg could act as a trigger.  
That strikes me as not so very different from other viruses in that 
the operating code had to sneak in first, but it requires an extra 
step to work.  Still, I don't work in computer security and I don't 
play one on TV.
-- 
Jim Muller
jimmuller@pop.rcn.com
'80 Spitfire, '70 GT6+
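
The check described in the message above (read the raw form and compare the visible "From:" with the routing trace), as an added example that is not part of the original post. The sample message, host names and IP addresses are constructed; only the spoofed "From:" address is taken from the thread.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample (not a real message): the visible From: claims the
# list's domain, while the Received: trace names unrelated hosts.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
\tfor <me@recipient.example>; Tue, 25 Jun 2002 06:40:02 -0400
Received: from desktop (dialup-17.example.net [198.51.100.17])
\tby mx.example.org with SMTP; Tue, 25 Jun 2002 06:39:58 -0400
From: SENDER@autox.team.net
Reply-To: SENDER@autox.team.net
To: me@recipient.example
Subject: odd message

body
"""

def domain(addr):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """(from_host, by_host) for each Received: header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = re.search(r"from (\S+).*? by (\S+)", flat)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_dom = domain(msg["From"])
    return {
        "from_domain": from_dom,                      # typed in by the sender
        "return_path_domain": domain(msg["Return-Path"]),  # bounce address
        "hops": hops,
        # Only Received: lines stamped by your own server are trustworthy;
        # older ones are relayed text, so treat the origin as a hint.
        "claimed_origin": hops[-1][0] if hops else None,
        "from_matches_trace": any(from_dom and from_dom in h
                                  for hop in hops for h in hop),
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```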
