This morning a email attachment virus apparently slipped past our server defense systems. The email used a "spoofed" or fraudulent "header." This means the virus faked the return address on the email. This type of attack is now quite common on the Internet. Viruses, worms, phishing, and other attacks are increasingly clever in their use of social engineering. We trust that the information in an email is true, including the return address, but this is not the case anymore. Here is an example of a virus laden email I got this morning with a spoofed return address:
Note that ...@comfsm.fm did not send this email, that is a faked return address (Name deleted). The message is still clearly a virus. It bears the number one hallmark of an email virus: the attachment has a .ZIP extension. I noted this in an earlier email, anything with a .ZIP extension should be deleted. No one in our system is sending "zipped" files to other people, and no one should be using "zipped" files as attachments.
There are other giveaways that this is a virus, and this relates to what I spoke about in an earlier email. Look at the content of the note and consider whether the sender is likely to have written it. ...@comfsm.fm does not use "Argh" or otherwise talk like a cartoon pirate. The email is not in his "voice." And no one sends password protected documents, at least no one has to date in our system. Here is another version of this type of attack that appears to have come from me, but again the header is spoofed:
From: dleeling@comfsm.fm
Sent: Tuesday, April 20, 2004 3:40 AM
To: [removed]
Subject: Hey, dude, it's me ^_^ :P
Looking forward for a response :P
password: 76467
Here again, consider the "voice." Look at the typical email from me: the subject line is never a generic greeting such as, "Hey, dude, it's me." I do not use the word "dude." And my subject lines are usually descriptive of the content of my email, unless it is a reply (Re:) and I have left the old subject line alone.
Also consider the length: I rarely write a one line email. Plus, I always note the nature of the attachment. So again, knowing the voice is useful.
Finally consider why you are getting an email with an attachment. Were you expecting one? Do you typically get email attachments from that person? Yes, I send attachments - but fall back on the first rule: attachments with .ZIP are usually viral.