[Warty] and Evolution - sent mail going to unassigned recipients - Linz

James Wilkinson ubuntu at westexe.demon.co.uk
Sun Apr 17 21:47:33 UTC 2005


I explained: 
> 
> Some recent worms, in an attempt to look plausible, send out copies of
> other incoming e-mails with a copy of the worm attached. They keep the
> "From" headers intact, to make it less obvious who actually has the
> worm.  (That makes it harder for the recipients to warn the user with
> the infection.)
> 
> It's possible that the worm got stripped before it reached the third
> party.

Lindsay wrote:
> Actually the offending email went to someone on a Linux list and his
> address did not appear in the header at all.....?

Quite plausible. All that would have had to happen is that the Linux
user happened to have his address in the address book of the Windows
user with the worm, and the infected computer would have tried sending
him a copy of the worm.

And e-mails have two completely separate places to specify to whom they
are sent. When an e-mail is sent via SMTP, the sending computer issues a
line like:
RCPT TO:<ubuntu-person at example.com>
(the "envelope address"), and then, a bit later, sends the complete
e-mail including the headers. The receiving computer is *only* supposed
to use the envelope address in routing the e-mail.

That's how this e-mail got to you, the gentle reader, despite having 
To: ubuntu-users at lists.ubuntu.com
at the top of the e-mail: the Ubuntu server kept that line there and put
your e-mail address in the RCPT TO: line.

(E-mail servers may put the envelope address somewhere in the headers as
they process the e-mail, but it's not that common.)

That's how a worm can send out a message without having the recipient's
name in the header.

Hope this helps,

James.

-- 
E-mail address: james | It would save me a lot of time if you just gave up
@westexe.demon.co.uk  | and went mad now.
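
Added example, not part of the original message: a Python sketch that reads the client side of an SMTP session and lists envelope recipients (RCPT TO) that do not appear in the To:/Cc: headers sent after DATA. The transcript, addresses and function names are constructed for illustration; mailing-list and Bcc delivery produce the same mismatch legitimately, as the message describes.

```python
import email
import re
from email.utils import getaddresses

# Constructed client-side SMTP transcript (illustrative, not from the post).
SAMPLE_SESSION = "\n".join([
    "HELO sender-pc.example.net",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<linux-user@example.com>",
    "DATA",
    "From: Alice <alice@example.org>",
    "To: ubuntu-users@lists.example.com",
    "Subject: Re: sent mail",
    "",
    "Body text.",
    ".",
    "QUIT",
])

def parse_session(transcript):
    """Return (envelope recipients, message text) from client commands."""
    rcpts, data_lines, in_data = [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":                      # lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data_lines.append(line[1:] if line.startswith(".") else line)
            continue
        m = re.match(r"RCPT TO:\s*<([^>]*)>", line, re.IGNORECASE)
        if m:
            rcpts.append(m.group(1).lower())     # envelope address
        elif line.strip().upper() == "DATA":
            in_data = True
    return rcpts, "\n".join(data_lines)

def header_recipients(message_text):
    """Addresses a mail client would display, taken from To: and Cc:."""
    msg = email.message_from_string(message_text)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_only_recipients(transcript):
    """Envelope recipients that appear nowhere in the To:/Cc: headers."""
    rcpts, message_text = parse_session(transcript)
    visible = header_recipients(message_text)
    return [r for r in rcpts if r not in visible]
```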



