Keep worms out of your address book?
#53689 03/16/20 06:32 PM
Joined: Aug 2009
Likes: 14
ryck Online OP
A friend sent the following. To me, it seems a bit simple but, who knows? Does this sound like it would be effective?

"As you may know, when/if a worm virus gets into your computer it heads straight for your e-mail address book, and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system.

Here's what you do: first, open your address book and click on "new contact", just as you would do if you were adding a new friend to your list of e-mail addresses.

In the window where you would type your friend's first name, type in 1aaaaa. Also use address 1aaaaa@a.aaa

Now, here's what you've done and why it works:

The name 1aaaaa will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends.

But, when it tries to send itself to 1aaaaa, it will be undeliverable because of the phoney e-mail address you entered.

If the first attempt fails (which it will because of the phoney address), the worm goes no further and your friends will not be infected."

Last edited by ryck; 03/16/20 06:35 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Keep worms out of your address book?
ryck #53692 03/16/20 08:15 PM
Joined: Aug 2009
Likes: 16
Moderator
Fifteen years ago something like that might have deterred some primitive viruses, but malware developers blew past that primitive approach in a matter of months and quickly learned to search not only the address book but also scan for email addresses contained in any file. According to recent statistics on the types of malware prevalent, that type of exploit is almost never found in the wild in 2020.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Keep worms out of your address book?
joemikeb #53693 03/16/20 10:55 PM
Joined: Aug 2009
Likes: 14
ryck Online OP
Originally Posted By: joemikeb
....malware developers blew past that primitive approach in a matter of months and quickly learned to search not only the address book but also scan for email addresses contained in any file.

Good to know. Thanks. Here’s why the suggestion was sent to me:

I am a volunteer executive with a pensioners association and received an email that, at first glance, appeared to be from our President. In the From section, the email had his name but his address was wrong.

Using my first name, which is NOT in my email address, the email was looking for a response from me: “Are you available to talk? Let me know.”

So, I called the President and, sure enough, he had not sent the email but he recently had problems with email while setting up a new computer (Windows).

Soon after, we learned that others on the executive received similar emails, purporting to come from the President.

I assume that, if I had simply responded to the original email, I would have been confirming that my email address and name were valid. So, I guess, the bottom line is always to be vigilant.

Quick question: In this case, is it most likely that the President’s email issue was the culprit? Or could it simply have been any one of the executive, who’d all have the same list of recipients?

Last edited by ryck; 03/16/20 10:57 PM.

ryck

Re: Keep worms out of your address book?
ryck #53696 03/16/20 11:38 PM
Joined: Aug 2009
Likes: 16
Moderator
It could have been anyone who had a copy of the list anywhere on their computer. It could just as easily come from another email to that contact list. It could also have been from a message that was intercepted somewhere in transit. I said that type of malware is quite old and relatively uncommon these days, but that does not mean that it isn't out there in the wild.

You can get a better idea of what is going on by submitting the email to an Email Header Analyzer but first read this tutorial. I have a long list of such tools so if that one doesn't help, just let me know.


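As an added example (not part of the thread, and not the code of any analyzer mentioned in it), this is the kind of check a header analyzer makes on a message like the one described above, where the display name is right and the address is wrong. The contact directory, the addresses and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small directory of real correspondents (display name -> true address).
KNOWN_CONTACTS = {"pat president": "pat@pensioners.example"}

# Constructed sample (not from the thread): right display name, wrong address.
SAMPLE = """\
Return-Path: <bounce@freemail.example>
Received: from mail.freemail.example (mail.freemail.example [203.0.113.7])
\tby mx.isp.example with ESMTPS; Mon, 16 Mar 2020 09:12:01 -0700
Authentication-Results: mx.isp.example; spf=pass smtp.mailfrom=freemail.example;
\tdkim=none; dmarc=none header.from=freemail.example
From: "Pat President" <pat.president.office@freemail.example>
Reply-To: <pres.private@othermail.example>
To: <member@isp.example>
Subject: Quick request

Are you available to talk? Let me know.
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def analyze(raw, contacts=KNOWN_CONTACTS):
    """Return (code, detail) findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # From and Reply-To are written by the sender, so compare them with what you know.
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(("name-mismatch", f"{name!r} normally writes from {expected}, not {addr}"))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain(reply_to) != domain(addr):
        findings.append(("reply-to-differs", f"replies go to {reply_to}"))
    # Authentication-Results is added by the receiving server; trust only your own provider's copy.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        verdict = results.get(mech, "missing")
        if verdict != "pass":
            findings.append((f"{mech}-{verdict}", f"{mech} check result: {verdict}"))
    return findings

if __name__ == "__main__":
    for code, detail in analyze(SAMPLE):
        print(f"{code}: {detail}")
```

SPF passes in the sample because the sender used a domain of their own, which is why the display-name comparison catches what the authentication verdict alone does not.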
Re: Keep worms out of your address book?
joemikeb #53698 03/17/20 03:40 PM
Joined: Aug 2009
Likes: 14
ryck Online OP
Originally Posted By: joemikeb
You can get a better idea of what is going on by submitting the email to an Email Header Analyzer but first read this tutorial.

Thank you. It raises one more question.

Whenever I get a phishing email I always forward it to the authorities at the company (if it purports to be from a company) or to the ISP if it's just an email. My habit has always been to send the email with the complete Header information exposed.

That used to be quite easy in Apple Mail. You could just open the Header and forward the email, which would be transmitted with the header opened. It doesn't work that way anymore. Now, at the moment the email is sent, the Header closes.

So, now I copy the Header and paste it into the forwarded email. Is there a security reason that Apple Mail would move away from being able to forward an open Header?

Last edited by ryck; 03/17/20 03:44 PM.

ryck

Re: Keep worms out of your address book?
ryck #53702 03/17/20 06:38 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: ryck
Is there a security reason that Apple Mail would move away from being able to forward an open Header?

I am confident Apple has a reason most likely related to security, but I have no idea of the details behind it. I will research that question and see if I can find an answer for both of us.


Re: Keep worms out of your address book?
joemikeb #53720 03/19/20 03:53 PM
Joined: Aug 2009
Likes: 14
ryck Online OP
Originally Posted By: joemikeb
I am confident Apple has a reason most likely related to security, but I have no idea of the details behind it.

Just a thought....is it possible that some phishers are smart enough to have code hidden in their messages that would cause the Header to close on 'send'?


ryck


Moderated by  alternaut, dianne, MacManiac 
