In the email message below I've highlighted parts of the header lines that
were probably forged by the perpetrators of the NaughtyRobot hoax.
Red items are the To: and From: addresses
(I've substituted my own for that of the original recipient).
Blue items represent the system from which
the recipient is supposed to believe the message originated. The single
green item is the system that a knowledgeable
sysadmin, studying these entrails, might suppose was the ultimate origin
of the message. In fact the perpetrators covered their tracks well. I
have seen instances of the note apparently relayed through these sites:

Received: from powergrid.electriciti.com (email@example.com) [126.96.36.199])
    by home.atlantech.net (8.8.2/8.6.12) with SMTP id DAA28321
    for <firstname.lastname@example.org>; Sun, 26 Jan 1997 03:25:26 -0500 (EST)
From: Keith Dawson <email@example.com>
Received: from dds.nl by powergrid.electriciti.com with smtp
    (Smail188.8.131.52 #3) id m0voGeh-0006lnC; Sat, 25 Jan 97 14:32 PST
Message-Id: <m0voGeh-0006lnC@powergrid.electriciti.com>
Date: Sat, 25 Jan 97 14:32 PST
Apparently-From: firstname.lastname@example.org
Apparently-To: email@example.com
Subject: EMERGENCY - security breached by NaughtyRobot
Comment: Authenticated sender is <firstname.lastname@example.org>
Precedence: Urgent

This message was sent to you by NaughtyRobot, an Internet spider that
crawls into your server through a tiny hole in the World Wide Web.

NaughtyRobot exploits a security bug in HTTP and has visited your host
system to collect personal, private, and sensitive information.

It has captured your Email and physical addresses, as well as your phone
and credit card numbers.

To protect yourself against the misuse of this information, do the following:

1. alert your server SysOp,
2. contact your local police,
3. disconnect your telephone, and
4. report your credit cards as lost.

Act at once. Remember: only YOU can prevent DATA fires.

This has been a public service announcement from the makers of
NaughtyRobot -- CarJacking its way onto the Information SuperHighway.
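
To show why the lower header lines cannot be taken at face value, here is an added example (not part of the original note or of anyone's tooling) that walks the two Received: lines above from newest to oldest and marks where the recipient's own evidence stops. It assumes home.atlantech.net is the recipient's mail server; the `trusted_mtas` parameter and function names are hypothetical.

```python
import re
from email import message_from_string

# Header lines copied from the message on this page (addresses as shown there).
SAMPLE = """\
Received: from powergrid.electriciti.com (email@example.com) [126.96.36.199])
\tby home.atlantech.net (8.8.2/8.6.12) with SMTP id DAA28321
\tfor <firstname.lastname@example.org>; Sun, 26 Jan 1997 03:25:26 -0500 (EST)
Received: from dds.nl by powergrid.electriciti.com with smtp
\t(Smail188.8.131.52 #3) id m0voGeh-0006lnC; Sat, 25 Jan 97 14:32 PST
Message-Id: <m0voGeh-0006lnC@powergrid.electriciti.com>
Subject: EMERGENCY - security breached by NaughtyRobot

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """Return (from_host, by_host) per Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops

def classify(raw, trusted_mtas):
    """Label each hop 'verified' if it was stamped by a server we operate.
    After the first hop stamped by anyone else, every older line is
    'unverified': the sending side could have typed it in."""
    out, trusted = [], True
    for frm, by in received_hops(raw):
        trusted = trusted and by in trusted_mtas
        out.append({"from": frm, "by": by,
                    "status": "verified" if trusted else "unverified"})
    return out

def last_verified_peer(raw, trusted_mtas):
    """Host named in the oldest verified hop: the peer that handed the
    message to our server, which our own logs can corroborate."""
    verified = [h for h in classify(raw, trusted_mtas) if h["status"] == "verified"]
    return verified[-1]["from"] if verified else None

if __name__ == "__main__":
    for hop in classify(SAMPLE, {"home.atlantech.net"}):
        print(hop)
    print("hand-off peer:", last_verified_peer(SAMPLE, {"home.atlantech.net"}))
```

Only the hop stamped by home.atlantech.net comes out as verified; the "from dds.nl" line sits below that boundary, so nothing on the recipient's side can confirm it.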