How did a computer virus do this?

I have a computer virus story and am curious how the virus managed to do this.

For my work, I use an iMac DV and have a Yahoo! web-based email address. All of my address book is stored in Yahoo!'s server. Recently, I received a .exe virus from a salesman I regularly correspond with. This, in itself, does not strike me as unusual. I deleted the email and virus long before the .exe attachment was downloaded to my computer. An .exe wouldn’t affect my iMac anyway. No damage was done here.

This is the interesting part. My wife received this virus at work. So did my mother. Neither of these people correspond with this salesman. My wife knew it was him because I have mentioned his name to her and she has spoken to him on the phone. My mother mentioned that she received a virus one day, and mentioned his name (she didn’t know there was any connection to me, the guy’s name is unusual). I do not recall ever sending the same email to my salesman friend, my wife, and my mother. No smart remarks about my wife secretly having a relationship with this guy! :smiley:

How could the salesman’s computer gotten my wife and mother’s addresses? It didn’t get other addresses. For example, my father hasn’t received the virus from him. How is this possible?


Have you ever forwarded something to him that came from your wife or your mother?

Not that I recall. That was my first thought, is that I must have sent something to all three of them, or forwarded something. But all three of them are in vastly different fields and have very different interests. I can’t imagine what would have gone to all of them.

My best guess is that the e-mail that contained the virus actually had two viruses in it. One was the .exe virus, and another was an HTML-based virus. Specifically, one that uses JavaScript to read your yahoo address book and send itself to everyone therein.

I’ve found that smart people tend to surf with JavaScript turned off for exactly this reason.
Yes, it breaks some sites. These sites are stupid because they depend on JScript when it’s clearly something that smart people turn off. They don’t want the money of computer-saavy people, apparently. I’m happy to oblige 'em.