Where'd You Get That Virus?

July 21, 2004

I was surprised to receive a virus-laden e-mail, sent to a mailing list I administer, which purported to come from me. Now, my computer may have 99 problems, but a virus is not one. I double-checked the headers on that message to confirm that it did not originate from my computer (it did not).

Now, most worms and viruses that propagate via e-mail harvest addresses from the infected computer's address book and cached files, send themselves to those addresses, and forge the From: line with another harvested address. The apparent sender is just another entry in the victim's address book, not the machine that is actually infected. See also: Anchordesk: Why I'm not sending you viruses.

When a mailing list only accepts mail from subscribers, the chances of a virus or worm actually getting through to the list are relatively low, though not zero, since the forged From: address may well belong to a subscriber. (The more mathematically inclined could figure out the probability.) The chances are lower still when the list administrator has actually taken the necessary steps to filter out suspect attachments before a message is distributed to the list.

When someone's infected computer sends out a virus or worm to a mailing list while spoofing the e-mail address of the list administrator, that list administrator will receive a number of e-mails wondering "I just got this e-mail from you and it looks like it could be some type of virus or worm. Did you really mean to send it to me?" "Are you sending a virus?" or "what the hell is that?" The less polite may chide the administrator to "stop downloading virus infected porn and sending it to people."

The moral of the day is: virus- or worm-infected e-mail messages nearly always come from spoofed addresses, so it's not my fault. Make sure your Windows PC is clean, with up-to-date anti-virus software, or just get a Mac and not have to deal with viruses, worms or spyware.

While virus writers may yet target Macs, OS X is, under its default settings, more secure than Windows. Additionally, John Gruber notes: "The security disparity between the Mac and Windows isn’t so much about technical possibilities as it is about what people will tolerate. And Mac users don’t tolerate shit."

Two proposals to authenticate the origin of e-mail are in the works. Yahoo!'s DomainKeys has the sending domain's mail server sign each outgoing message with a private key and publishes the matching public key in DNS, so a receiver can verify both the signature and the domain that signed. Microsoft's Sender ID, which grew out of SPF, instead has each domain publish in DNS the list of servers permitted to send its mail; the receiving server checks the IP address that connected to it against that list. Neither scheme asks individual users to do anything, and neither stops an infected PC from sending mail. What they do is let a receiver notice that a message claiming to be from me neither came through my domain's servers nor carries my domain's signature, which is exactly the case with the worm mail above. The two approaches complement each other, one authenticating the delivery path and the other the message and its domain, and together they may mitigate the problem of forged e-mail identity.
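As an added example (not part of the original post), here is a small Python script that does what the header check described above and the Sender ID style of path authentication amount to: it walks the Received: chain to find the IP address that handed the message to the first trusted relay, then tests that IP against a published list of hosts allowed to send for the From: domain. The two messages, the relay addresses, the domain and the DNS record are all constructed for the demonstration, and the record evaluator handles only the ip4 and all mechanisms; a real deployment would use a complete SPF/Sender ID library and an actual DNS query.

```python
import email
import email.utils
import ipaddress
import re
from email import policy
from typing import Dict, Optional, Set

# Constructed stand-in for a DNS TXT lookup: a hypothetical domain and the
# hosts it declares as permitted senders.  Real checks query DNS.
FAKE_DNS_TXT: Dict[str, str] = {
    "example.org": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 -all",
}

# Hypothetical addresses of our own inbound relays.  Received: headers written
# by these hosts are trustworthy; anything earlier in the chain was written by
# whoever handed us the message and may be forged.
TRUSTED_RELAYS: Set[str] = {"203.0.113.5", "203.0.113.6"}

# Constructed worm-style message: From: is the list admin's address, but the
# chain shows the message reaching our MX from an unrelated home PC.
SPOOFED_MESSAGE = """\
Received: from mx.example.org (mx.example.org [203.0.113.5])
\tby list.example.org with ESMTP id 1234; Wed, 21 Jul 2004 15:02:11 -0400
Received: from home-pc (unknown [192.0.2.77])
\tby mx.example.org with SMTP id 5678; Wed, 21 Jul 2004 15:02:09 -0400
From: admin@example.org
Subject: Re: Your document

See the attached file for details.
"""

# Constructed legitimate message: same From:, but handed to our MX by the
# domain's own outbound server, which the record above lists.
LEGIT_MESSAGE = """\
Received: from mx.example.org (mx.example.org [203.0.113.5])
\tby list.example.org with ESMTP id 2345; Wed, 21 Jul 2004 16:40:00 -0400
Received: from smtp.example.org (smtp.example.org [203.0.113.10])
\tby mx.example.org with ESMTP id 6789; Wed, 21 Jul 2004 16:39:58 -0400
From: admin@example.org
Subject: List maintenance tonight

The list server will be down briefly at 23:00.
"""

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def handoff_ip(raw_message: str, trusted: Set[str] = TRUSTED_RELAYS) -> Optional[str]:
    """IP of the host that delivered the message to the outermost trusted relay.

    Received: headers are prepended as a message travels, so the first one is
    the newest.  Walking top-down, the first 'from' address that is not one of
    our own relays is the untrusted handoff point.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    for received in msg.get_all("Received", []):
        match = _BRACKETED_IP.search(str(received))
        if match and match.group(1) not in trusted:
            return match.group(1)
    return None


def spf_check(record: str, ip: str) -> str:
    """Evaluate a minimal SPF record (ip4, ip4 CIDR and all, with +/-/~/?
    qualifiers) for a connecting IP.  Returns pass, fail, softfail, neutral,
    or none when nothing matched or the record is not SPF at all."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in _QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            matched = True
        elif term.lower().startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # a, mx, include, ... are not modelled in this example
        if matched:
            return _QUALIFIER_RESULT[qualifier]
    return "none"


def authenticate_from(raw_message: str,
                      trusted: Set[str] = TRUSTED_RELAYS,
                      dns: Dict[str, str] = FAKE_DNS_TXT) -> Dict[str, Optional[str]]:
    """Check the From: domain's published sender list against the handoff IP."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_addr = email.utils.parseaddr(str(msg["From"]))[1]
    domain = from_addr.rpartition("@")[2].lower()
    ip = handoff_ip(raw_message, trusted)
    record = dns.get(domain)
    result = spf_check(record, ip) if record and ip else "none"
    return {"from_domain": domain, "handoff_ip": ip, "result": result}


if __name__ == "__main__":
    for label, message in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, authenticate_from(message))
```

Run as a script, the spoofed message reports a handoff from 192.0.2.77 and a fail, while the legitimate one reports 203.0.113.10 and a pass. The one design point worth noting is the trust boundary in handoff_ip: only the Received: headers added by your own relays are believed, because every header below them arrived with the message and a worm can write whatever it likes there. Sender ID additionally has to pick which header address to check (its "purported responsible address"), and DomainKeys replaces the IP comparison with a signature check; both are left to a real library here.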

Posted by Andrew Raff at July 21, 2004 04:51 PM
Trackback URL for this entry: http://www.andrewraff.com/mt/mt-tb.cgi/2598