Thank you Chris-
As usual you make sense.
I was sort of suspicious but wanted an expert opinion.

regards,
doug

On Nov 17, 2006, at 10:16 AM, cb wrote:

On Nov 17, 2006, at 9:43 AM, Douglas McAdam wrote:

If you ever get an email that tells you something that you are curious if it is true or not... go right to the bottom of the email and look for the closing sentence. If it is anything along the lines of the one in your email like:

Pass this on to all your friends.

Then you know right away that the entire email is false and you can throw it out and ignore it.


But, just for fun, let's break this down and prove why it is false.

I learned a computer trick today that's really ingenious in its simplicity. As you may know, when/if a worm virus gets into your computer it heads straight for your email address book, and sends itself to everyone in there, thus infecting all your friends and associates.

Bzzz... wrong. No worm in a long time has gone anywhere near the address book. Instead it goes for the emails you have saved on your computer. Inbox, Sent Mail, stored mail, any mail. It reads those emails, extracts all possible email addresses and sends to those addresses. This gives it a much larger pool of email addresses, and a higher probability of getting valid addresses (because typically, people's address books are out of date). It also does this, because it needs to scan the emails already so it can put together a valid sounding email (notice how worms these days all seem to come in with darn near legit email text... that is because it pulls valid email bodies to construct a new email). So why spend time dealing with an address book, when you can get everything you need (and more) from the emails themselves.

Now, here's what you've done and why it works:
The "name" "A" will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends.
But, when it tries to send itself to [EMAIL PROTECTED], it will be undeliverable because of the phony email address you entered. If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected.

Bzzz... wrong again. The worm doesn't care if an email is undeliverable, in fact, they are specifically designed to not care and ignore undeliverable addresses. They anticipate that a portion of the addresses extracted for use will be undeliverable. So if it gets one, it just moves on to the next email in the list without a care in the world. Also, depending on the worm, it isn't even going to know if an email is undeliverable. Some worms don't deliver directly to the recipient mail server, they deliver to an intermediate mail server (be it your ISP, or some other known open relay). If it delivers to another server, the outbound mail will be accepted even with a bad address, as there is no way to determine the address is undeliverable at that stage. Worms that deliver directly to the recipient (a growing number, and probably a large majority of them these days), will know an address is bad, but it won't stop them. They will just drop the connection and move on to the next email in the list.

Here's the second great advantage of this method:
If an email cannot be delivered, you will be notified of this in your In Box almost immediately. Hence, if you ever get an email telling you that an email addressed [EMAIL PROTECTED] could not be delivered, you know right away that you have the worm virus in your system.

Bzzz... I'm sorry, that's three strikes. No worm in a long time has used your email address as the return address. They don't use your address, because they want it to be hard to figure out who is the infected person. If they used your address, then you would get these bounce notices and you would be able to correct things (or you would get calls from people you sent it to alerting you to the problem). Rather, worms grab addresses at random from the list of addresses extracted from your email, and it uses one of those as the return address. So the new worm emails will all appear to come from someone other than you, and all bounce messages due to undeliverable addresses will go to them and not you.


So, the moral of this is, next time you get an email that says to pass it on to everyone you know... don't. Just throw it out, it is all lies.

-chris
<www.mythtech.net>


