Getting an email from a past professional contact stating a virus may have gone out

I have a guy I used to know professionally and recently received an email from him stating that somehow a message was sent from his personal account that contained a virus. Looking at the “To” list shows a lot of other professional contacts.

This is the second time in as many years that I have got that warning from him.

My question: WTF? What kind of sites is the guy visiting? How unprofessional is it to send such an email? The message is basically saying he’s an idiot that shouldn’t be trusted with your email address.

I mean, I really don’t get how the circumstances can happen. I have never been infected with a virus or anything, and certainly have never had reason to send a warning email to everyone in my entire address book.

I understand viruses happen, and generally only to unsuspecting people. But I guess the big thing that’s getting me is how bad it looks to those professional contacts.

Has anyone here ever been in that situation? Am I wrong in thinking it screams of being unprofessional?

I don’t think the email is unprofessional, but I definitely view someone getting infected twice with a virus within a couple years as irresponsible.

The “warning” may be bogus, and it may not have come from the source you think. Do you know for sure he sent it, or are you relying upon the displayed address in the email?

It’s definitely from him.

Edit: Let’s assume that it is definitely from him.

But it makes a difference. Here’s how many virus messages get transmitted.

User A is infected. The infected program scans his computer for email addresses anywhere it can find them – in lists, documents, web sites visited, whatever. It dumps them all in a big master list.

Next, it randomly selects two addrs from the list. One becomes the “TO,” the other, the “FROM,” then it mails out one message.

The recipient sees the FROM in the visible header, but it didn’t come from there. He gets mad at the wrong party.

I agree it matters, but I’m about 99.9% certain it was from him, given the wording of the message and something about his spouse (with her name).

OK. Some people just aren’t hip about security. At least he cared enough to send you a warning.

And evidently used “TO” for everybody’s email address instead of BCCing them…

I know plenty of older folks who are not hip to security even though they work in IT firms.

There is also the ‘flash drive’ problem, which is to say, the otherwise security conscious person moves documents between their work and home computer, and the home computer is shared with the family that includes a spouse and kids who are not security conscious. The owner of said flash drive walks away and his kid downloads a “FREE GAME!” and now the flash drive files are infected without the owner knowing. Now it gets transferred to his work computer… Isn’t something like that the suspected path used by the Stuxnet virus?

I would hardly blame the contact unless this happened repeatedly every few months. It sounds like this has happened twice in a few years.

Now that’s the part that would really piss me off. Sure, let’s just share my email address with everyone.

Yeah, the guy did a To All and sent everyone the message.

Do people actually open unsolicited links from others if the sender isn’t a close, or at least, often talked with friend? I mean, I know this guy, but he’s not even in my address book anymore. So if I did get a link from him with some gibberish attached then I’d just delete the message and go about my happy little way.

I almost got hit with one of these and nearly had to do the “mass email everyone I’ve ever known” thing, a horrible fate that I just narrowly avoided. It mimicked a Groupon-type email from a very close friend who I know uses that sort of site and had just talked to me about a similar groupon. Since social-coupon sites often do rewards between friends, I wasn’t as on my guard as I could have been. It would have spammed out a similar message to everyone I knew from me.

Your buddy was doing the responsible thing by telling you. These things happen.

  1. E-mailing everyone in the To: (rather than Bcc:) is unprofessional, and rude; he shouldn’t be sharing your e-mail address with everyone else on his list.

  2. Two warnings in two years isn’t crazy or revealing of excessively lax security. If his warning is at all personalized there’s no huge reason to think it didn’t come from him. But it’s possible that the spam/virus e-mail didn’t actually come from his computer: someone else’s system (who has him as a contact) could be infected, and the virus is just forging his address in the “From:” header (as Musicat describes). In which case, even though his system is fine, he might decide to send out a warning (either because he doesn’t understand what happened and thinks his system really was infected, or just to make sure people don’t think he is infected and ignoring the problem).

Yes. Yes, they do. My mother is a very smart woman but not tech savvy at all, and opens every email she gets because she’s worried that it’s from someone she knows who has changed their email address and she’ll miss something important if she deletes it. She also tries to open every attachment that comes along but fortunately the security settings on her computer (usually) stop it. A couple months ago, however, I had to resort to Combofix to get rid of a really annoying rootkit/ Google redirect thing.

I won’t even get started on my uncle, who follows all the links for “lose belly fat whle whitening your teeth, improve your credit score, lower your mortgage rate and get hot chicks in droves by following this one old rule”