Brydan Solutions

Email SPAMMING and Email SPOOFING

Tech Support — Fri, 02 Dec 2011 03:39:04 +0000

Wonder what is going on with all these e-mails that you didn’t send yourself? Or those e-mails that look like it was sent by someone but really wasn’t?

Within these days of massive communication via e-mail, it comes to
be quite important for anyone to be familiar with the following two
terms: email “spamming” and email “spoofing”.

Email spamming refers to sending email to
thousands and thousands of users – similar to a chain letter. Spamming
is often done deliberately to use network resources. Email spamming may
be combined with email spoofing, so that it is very difficult to
determine the actual originating email address of the sender. Some
email systems, including Microsoft Exchange, have the ability to
block incoming mail from a specific address. However, because these
individuals change their email addresses frequently, it is difficult to
prevent some spam from reaching your email inbox.
Email spoofing refers to email that appears to
have originated from one source when it was actually sent from another
source. Individuals, who are sending “junk” email or “spam”, typically
want the email to appear to be from an email address that may not
exist. This way the email cannot be traced back to the originator.

Malicious Spoofing

There are many possible reasons why people send out emails spoofing
the return address: sometimes it is simply to cause confusion,
sometimes it is to discredit the person whose email address has been
spoofed: using their name to send a vile or insulting message.

Sometimes email spoofing is used for what is known as “phishing”,
which aims to trick the recipient into revealing passwords or other
information. For example, you get an email from what appears to be the
PayPal’s account verification department, or from your ISP, asking you
to go to a Web page and enter your password, or change it to one of
their choosing.

Dealing with a Spoofed Email

There is no way to prevent receiving spoofed emails.
If you get a message that is outrageously insulting, asks for something
highly confidential, or just plain doesn’t make any sense, then you may
want to find out if it is really from the person it says it’s from. You
can look at the Internet Headers information to see where the email
actually originated.

Remember that although your email address may have been
spoofed this does not mean that the spoofer has gained access to your
mailbox.

Internet Headers Information

An email collects information from each of the computers it passes
through on the way to the recipient, and this is stored in the email’s Internet Headers.

Tip: Internet Headers are best read from the bottom up, as they are added to as the email passes through the system.

Virus spoofing

Email-distributed viruses that use spoofing, such
the Klez or Sobig virus, take a random name from somewhere on the
infected person’s hard disk and mail themselves out as if they were
from that randomly chosen address. Recipients of these viruses are
therefore misled as to the address from which they were sent, and may
end up complaining to, or alerting the wrong person. As a result, users
of uninfected computers may be wrongly informed that they have, and
have been distributing a virus.

If you receive an alert that you’re sending
infected emails, first run a virus scan using a full-featured locally
installed anti-virus program (e.g. Norton Anti-Virus, McAfee, Nod32,
AVG, BitDefender, etc). If you are not infected, then you may want to
reply to the infection alert with this information:

“Your virus may have appeared to have been sent
by me, but I have scanned my system and I am not infected. A number of
email-distributed viruses fake, or spoof, the ‘From’ address using a
random address taken from the Outlook contacts list or from Web files
stored on the hard drive.”

But keep in mind that a virus alert message is
quite often auto generated and sent via an anti-virus server and so
replying to the original email may not elicit a response.

Alternatively, if you receive an email-distributed virus, look at the Internet Headers
information to see where the email actually originated from, before
firing off a complaint or virus alert to the person you assume sent it.

Source: http://www.anti-abuse.org/email-spamming-and-email-spoofing/

Email SPAM Bounced Messages

Tech Support — Thu, 01 Dec 2011 03:39:04 +0000

Have you ever received e-mail messages that appear to be failed bounce e-mails that you have sent to someone?You are receiving spam bounced messages because a spammer/virus has
spoofed the From field of the mails.

Please keep in mind that the latest viruses and spammers use the so-called “header spoofing” technique, that allows them to use any e-mail address as From, whether or not they have access to the mail server for that domain. This is achieved by specifying a different address in the Return-path and From header of the message.

When the messages with spoofed Return-Path are sent to a non-existing account, they are returned to the spoofed address.

Unfortunately, nothing can be done to prevent abusers from forging the
“From” and Reply-to fields of an email. Due to a flaw in the global
e-mail system itself, it is possible to send messages, using any
address in the Return-Path and FROM e-mail headers, and thus the
messages can appear to come from any e-mail address.

Randomly generated addresses are often used as many viruses and spammers use that technique to generate valid email addresses.

Unfortunately, there is no server side mechanism which could cease
these malicious actions. The authorities managing the originating mail
servers of the spammers are the ones who can control these occurrences,
however the spammers and the viruses are capable of maintaining their
own SMTP services as well. The messages sent in those spam waves are
never sent from a single exploited computer they use complete networks
of compromised machines and tracking them down is a futile task.

Adobe Releases Security Bulletins for Multiple Products

Tech Support — Wed, 10 Aug 2011 09:59:00 +0000

Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected:

Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems…

Read more at: US-CERT Current Activity

Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected:
- Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems
- Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris
- Adobe Flash Player 10.3.185.25 and earlier versions for Android
- Adobe Flash Media Server 4.0.2 and earlier versions
- Adobe Flash Media Server 3.5.6 and earlier versions for Windows and Linux
- Adobe Photoshop CS5 and CS5.1 and earlier for Windows and Macintosh
- RoboHelp 9.0.1.233 and earlier, RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Adobe security bulletins and apply any necessary updates to help mitigate the risks.

Read more at: US-CERT Current Activity

Microsoft DNS Server NAPTR Code Execution Vulnerability

Tech Support — Wed, 10 Aug 2011 06:33:00 +0000

Severity: High 9 August, 2011 Summary: This vulnerability affects: The DNS service that ships with the Server versions of Windows How an attacker exploits it: By sending specially crafted DNS queries Impact: In the worst case, an attacker gains complete control of your DNS server What to do: Deploy the appropriate Windows Â update immediately, or [...]

Read more at: WatchGuard Security Center

Cumulative Patch Corrects Drive-by Download Flaws in IE9

Tech Support — Wed, 10 Aug 2011 03:46:00 +0000

Severity: High 9 August, 2011 Summary: This vulnerability affects: All current versions of Internet Explorer, including IE9 How an attacker exploits it:Â In most cases, by enticing one of your users to visit a malicious web page Impact: Various, in the worst case an attacker can execute code on your user’s computer, gaining complete control of [...]

Read more at: WatchGuard Security Center

Microsoft Black Tuesday: IE9 and DNS Server Flaws Pose Critical Risk

Tech Support — Wed, 10 Aug 2011 02:19:00 +0000

Are you ready for a long week of patching? Microsoft’s August Patch Day is live, with thirteen security bulletins that fix 22 security vulnerabilities in their popular software packages.Â The flaws affect many Microsoft products, including: Windows and its many components (like DNS server) Internet Explorer Visio the .NET Framework and Visual Studio. Microsoft only rates [...]

Read more at: WatchGuard Security Center

Microsoft Drops a Dozen Updates in August

Tech Support — Sun, 07 Aug 2011 02:14:00 +0000

After every light Microsoft Patch Day, you can almost always expect a much bigger one to follow. August is no exception, with an expected dozen Microsoft Security Bulletins. According to their advanced Notification post, Microsoft plans to releases twelve bulletins next Tuesday, fixing vulnerabilities in Windows, Internet Explorer (IE), Office, the .NET Framework, and some [...]

Read more at: WatchGuard Security Center

Apple Releases QuickTime 7.7

Tech Support — Thu, 04 Aug 2011 13:53:00 +0000

Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to help mitigate the…

Read more at: US-CERT Current Activity

Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to help mitigate the risks.

Read more at: US-CERT Current Activity

Microsoft Releases August Security Bulletin

Tech Support — Thu, 04 Aug 2011 13:25:00 +0000

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute…

Read more at: US-CERT Current Activity

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Read more at: US-CERT Current Activity

WordPress Themes Vulnerability

Tech Support — Wed, 03 Aug 2011 10:05:00 +0000

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
review the
Read more at: US-CERT Current Activity

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:
- determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
- review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks
Read more at: US-CERT Current Activity