[NSRCA-discussion] Check This Out

Tom Simes simestd at netexpress.com
Mon Feb 11 12:32:30 AKST 2013


On 02/11/13 08:29, Larry Diamond wrote:
> All Should Read...
>  
> Tom,
>  
> Please look deeper into this issue.
>  
> I highly doubt it is Bill's e-mail account that was compromised. Everyone on this list is most likely in somebody's contact list.

Hi Larry,

Spoofing implies that the headers of an e-mail message have been altered
to obfuscate (spoof) the origin of the message.

Yahoo! pioneered the use of DKIM in 2007
(http://tools.ietf.org/html/rfc4870) specifically to combat spoofing.
Not only did they author the original RFC, they even developed and
donated a reference implementation to the community.

The DKIM signed and verified headers of the offending e-mail indicate it
was sent using Yahoo!'s webmail interface from 75.99.138.194 at 08:33:52
PST.  Regardless of whether the deed was done via a trojan on the local
user's machine or via an unauthorized 3rd party with the user's
credentials, the message was sent via the Yahoo! web interface using
Bill's account credentials.

In other words, this e-mail was not spoofed - although indications are
it was likely sent via a trojan.  So folks, it's always a good idea to
have updated virus/trojan/malware protection installed.  Knock on wood,
clamav should keep viruses from being propagated as attachments via the
list, but I'm not aware of a filter that will investigate URL links to
see if they are potentially malicious.  If anyone knows of such a milter
that's supported by Postfix, hit me up!

My apologies for the non-pattern related content.  If anyone would like
to explore this further, let's take it off list.

-- 
Tom

======================================================================
   "Z80 system stack overflow.  Shut 'er down Scotty, she's
         sucking mud again!" - Error message on XENIX v3.0

Tom Simes                                       simestd at netexpress.com
======================================================================
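
Added example, not part of the original message: a sketch of the spoofed-versus-authenticated distinction drawn above, reading the DKIM verdict a receiving MTA records in the Authentication-Results header. The sample messages, the domains webmail.example and link.example, and the authserv-id mx.list.example are constructed placeholders; the code trusts the MTA's recorded verdict and does not re-verify the signature itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: our MTA verified a DKIM signature for the From: domain.
SIGNED = """\
Authentication-Results: mx.list.example; dkim=pass header.d=webmail.example
From: Bill <bill@webmail.example>
Subject: Check This Out

http://link.example/
"""

# Constructed sample: no valid signature, plus a verdict header the sender injected.
FORGED = """\
Authentication-Results: mx.list.example; dkim=none
Authentication-Results: attacker.example; dkim=pass header.d=webmail.example
From: Bill <bill@webmail.example>
Subject: Check This Out

http://link.example/
"""

def dkim_verdicts(msg, authserv_id):
    """Return [(result, signing_domain)] from headers stamped by our own MTA only."""
    out = []
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if parts[0].lower().split()[:1] != [authserv_id]:
            continue  # header written by another host: anyone can add one
        for part in parts[1:]:
            m = re.match(r"dkim=(\w+)", part)
            if m:
                d = re.search(r"header\.d=([\w.-]+)", part)
                out.append((m.group(1).lower(), d.group(1).lower() if d else None))
    return out

def classify(raw, authserv_id):
    """Decide whether the From: domain is backed by a passing DKIM signature."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for result, domain in dkim_verdicts(msg, authserv_id):
        # Strict match of signing domain to From: domain (no relaxed alignment).
        if result == "pass" and domain == from_domain:
            return "sent-through-provider"  # not spoofed: account or machine misuse
    return "unauthenticated"  # From: header may be forged

if __name__ == "__main__":
    for name, raw in (("SIGNED", SIGNED), ("FORGED", FORGED)):
        print(name, classify(raw, "mx.list.example"))
```

A "sent-through-provider" result says only that the provider's systems signed the message; it cannot tell a trojan on the user's machine from a third party holding the credentials.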

