Postby SapphireSniper » Wed Apr 13, 2005 3:05 pm

I got an email from Dran this morning that he didn't actually send. I didn't open it because it looked like a virus. So I emailed him and let him know that I got it and sent him the header.. which included a IP address..

Then I got another email, same content but sent to another address of mine from the same IP I was confused so I asked my boyfriend, who deals with this kind of stuff, how it did that and if I had to worry about it.

Here's what he said: Ft. Bragg, North Carolina anyone?

(15:51:40) Orenwolf: ok, so, here's what happened.
(15:51:49) Orenwolf: (or, with 99.9% certainty what happened)
(15:52:12) Orenwolf: Random guy in the military, who visits the TF board (or has at some point), gets virus.
(15:52:32) Orenwolf: The virus begins emailing out, using some of the addresses as "from" addresses, and some as "to" addresses.
(15:52:56) Orenwolf: In fact, it is equally likely that it is sending out virii as to all of those people as well
(15:53:33) Orenwolf: but how'd it get
(15:53:37) Sapphire: I've never ever used that
(15:53:39) Sapphire: anywhere
(15:54:15) Orenwolf: it may, to spread further, once collecting addresses, start emailing common usernames at each domain. you may start getting even more to
(15:54:17) Sapphire: several TF'ers are in the military
(15:54:33) Orenwolf: these things try *really hard* to spread by spamming
(15:54:40) Sapphire: ick
(15:56:48) Orenwolf: btw, this is exactly the sort of thing that SPF ( ) is designed to prevent. is protected by SPF, so anyone checking SPF who gets something from you would be able to tell that it's fake.

For more info on how spammers fake your email address read this:
