Constant's pations

If it's more than 30 minutes old, it's not news. It's a blog.

Monday, January 10, 2005

Phishers have an e-mail backdating system

It is designed to confuse “what order the messages were sent.”

Currently, if you get one message, the normal routine is to look at the follow-on messages as related.

The trick is to change the dates in the send-line, and throw off the trace.

Imagine sitting at your inbox and you see the Trojan show up. You’ve got it pegged. You know the time, date, and location. Everything else, you delete.

You clean out your files. You know which date you’re done.

Then, out of the blue, a message shows up in your trash that is dated before you took this action.

  • How did they back-date the document?

  • How were they able to directly send the e-mail to your trash?

  • What portions in subsequent messages look like trash, but are actually the other portions of the code?

That’s the dilemma. It makes for a real problem.

Encourage your people to clean out their trash and purge the system. Don’t leave the e-mail sitting there.

And let’s get a better handle on this backdating stuff. It doesn’t really inspire confidence when you’ve got an archiving system that depends on dates, but you find out that the dates can be adjusted to pre-date suspenses.

This is called a retro-active change to data and an unstable platform. I’d like the auditors to look into this. It’s not acceptable that the system be so loose that we have people writing memos after the due date, but their arrival data appears to be otherwise.
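One way to check for the backdating described above, as an added example that is not from the original post: the `Date:` header is written by the sender, while the topmost `Received:` line is stamped by the receiving mail server, so an archive can compare the two instead of trusting the sender's date. The sample messages, the one-hour tolerance and the function names are assumptions, and the check assumes the topmost `Received:` line comes from your own server.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample messages (not real traffic). Assumption: the topmost
# Received line was stamped by the recipient's own server (the trusted clock).
BACKDATED = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id ABC123
\tfor <user@example.org>; Mon, 10 Jan 2005 09:15:02 -0500
Received: from unknown (HELO sender) (198.51.100.7)
\tby mx.example.net with SMTP; Mon, 10 Jan 2005 14:14:58 +0000
Date: Mon, 3 Jan 2005 08:00:00 -0500
From: sender@example.com
To: user@example.org
Subject: constructed example

body
"""
NORMAL = BACKDATED.replace("Date: Mon, 3 Jan 2005 08:00:00 -0500",
                           "Date: Mon, 10 Jan 2005 09:14:40 -0500")


def aware(stamp):
    """Parse an RFC 5322 date; None if missing, malformed or without a zone."""
    try:
        dt = parsedate_to_datetime(stamp)
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo is not None else None


def date_skew(raw, tolerance=timedelta(hours=1)):
    """Return (verdict, skew); skew = trusted receive time - claimed Date."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or [""]
    arrived = aware(hops[0].rsplit(";", 1)[-1].strip())  # text after last ';'
    claimed = aware(msg["Date"])  # sender-controlled value
    if arrived is None or claimed is None:
        return "unverifiable", None
    skew = arrived - claimed
    if skew > tolerance:
        return "backdated", skew
    if skew < -tolerance:
        return "postdated", skew
    return "consistent", skew
```

An archive that orders or files messages by the server's receive time, and records the skew alongside, keeps the sender's claimed date from rewriting the sequence.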