You've checked your machine with the latest version of anti-virus software. You've called the Helpdesk, and they sent someone over who gave your computer a clean bill of health. Yet, you still receive messages accusing you of spreading viruses to others via e-mail. Why?
The reason may be any of a number of viruses that cleverly "spoof," or fake, the return addresses on the loaded e-mails they send. Such viruses gather e-mail addresses from the infected machine, choosing one to list as the destination (To:) and one to "spoof" (fake) as the sender (From:).
Most mail systems will let you put anything down as the sender (From:) address without validating or authenticating it. So, someone else's machine is spreading a virus, but you get the notification because the virus found your e-mail address on the infected system.
To explain further, here is a sample scenario. Let's say firstname.lastname@example.org contracts a virus like MiMail. Some time after that, email@example.com receives a message from firstname.lastname@example.org that has a virus attachment in it. Leonardo's anti-virus software or his firewall catches it before it can infect his machine. The anti-virus or firewall software then sends a note to Isaac warning him that he is spewing out viruses. Isaac is totally confused, as he knows that his firewall or anti-virus software would have caught it. As the interception of the virus and the notification are automatic, the actual messages are never examined to verify the sender's name. Had they been examined, they might have revealed that the original sender was from somewhere in sion.org.
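The kind of examination the scenario describes can be sketched in code. This is an added example, not part of the original article: it compares the From: address of a message with the host recorded in its Received: trail. The message, addresses and host names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic). Each mail server prepends its
# own Received: line, so the last one listed is the hop closest to the sender.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mailstore.example.com; Mon, 1 Sep 2003 10:00:05 -0400
Received: from pc42.example.net (pc42.example.net [198.51.100.42])
\tby mx.example.com; Mon, 1 Sep 2003 10:00:01 -0400
From: Isaac <isaac@example.org>
To: Leonardo <leonardo@example.com>
Subject: your account

See the attached file.
"""

# A Received: value starts with "from <host>" naming the connecting machine.
RECEIVED_FROM = re.compile(r"\s*from\s+(\S+)", re.IGNORECASE)

def base_domain(host):
    """Naive last-two-labels domain; adequate for this sample only."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    """Return the claimed sender, the earliest recorded host, and whether
    their domains differ."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = base_domain(from_addr.rpartition("@")[2])
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(value)
        if m:
            hops.append(m.group(1))
    origin = hops[-1] if hops else None
    return {
        "from_addr": from_addr,
        "origin_host": origin,
        "mismatch": origin is not None and base_domain(origin) != from_domain,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A mismatch is a lead rather than proof, since legitimate mail is often relayed through servers in a different domain. Only the Received: lines written by your own mail servers can be trusted, because everything below them is supplied by the sending side.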
What Can Be Done?
The only thing one can do is make sure one's anti-virus software is up to date and working. The confusion over who actually sent the virus will continue until e-mail software and protocols evolve to address this gap in security (spoofing).
For more information about technology at SUNY Plattsburgh, please contact:
Phone: (518) 564-4433 / toll-free 1-800-787-8773