Pal got fake email from "my" address. Who should be worried: him, me, both, neither?

A friend called me up to ask if I had sent him an email with an attachment and an ambiguous-sounding “subject” heading. The “from” heading said it came from me. I told him no, and he deleted it.

He said I better check my computer for a virus or spyware or whatever. It sounded like good advice, so I did it even though I’ve got a vigilant anti-virus checker and I do pretty routine spyware checks. Sure enough, all I turned up were two harmless-looking tracking-jobbies which I promptly deleted (usually I turn up 4 or 5 every few weeks).

It made me think that maybe my pal – who probably would not know spyware from underware – has the problem, not me. Or maybe it is neither of us; maybe a mutual friend’s e-addressbook got e-raided, or something.

What’s the dope regarding cases like this? Who, if anyone, should be worried? How do we track down and cure the vulnerability?

Several possibilities:

  1. You could examine the email’s X-Headers (in the email source) to see where it came from, but only the very last “hop” before it reaches you can be considered accurate. That might give you a CLUE as to where it came from, but it’s not guaranteed. For example, if the last hop was from one of your ISP’s mail servers, it’s possible that your computer sent it. Or it might’ve been somebody else on the same ISP.

  2. If you want to make sure your own computer is clean, you need to hook up another computer between yours and your modem/router. Using the other computer, you could examine every bit of data that comes out of your computer. But this is neither easy nor fast, and it’s probably not worth your time. You could also use packet capture software (like Ethereal) on your own computer, but this may not work if you’re infected by a smart enough virus. And, again, it’s usually not worth the time and effort.

  3. Practically speaking, you should all just check your computers for spyware and adware (and you have). If it appears clean, it’s probably fine. Just tell him to ignore the spam from you. Unless you have extremely confidential information on your computer or your email is so important that every one has to be validated (which doesn’t seem to be the case here), other solutions just aren’t worth the trouble. Like you said, it could be your computer, his computer, or the computer of anyone else who has your email address.

One solution is to set up a fake Email address in your address book. Call it “GotAVirus” or something with no @ afterwards. If a virus is using your address book, it will try this address which will obviously get bounced back to you as undeliverable.

By the way, this isn’t supposed to happen. It may be “normal”, as in lots of people suffer from the same situation, but it’s not exactly safe or good for your system. You should not be getting ANY spyware if you’re practicing safe internet-usage habits. But, well, it’s usually not that big of a deal so I’ll shut up now unless you want more information :)
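Added example, not part of any post in this thread: a Python sketch of the header check suggested above, which trusts only the Received lines written by your own provider and treats every hop below that as unverified. It goes slightly beyond the post by also comparing the From domain with Return-Path; the sample message, the hosts and the `.myisp.example` suffix are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
RAW = """\
Return-Path: <bounce@bulk.example.net>
Received: from mail.bulk.example.net (mail.bulk.example.net [203.0.113.45])
\tby mx.myisp.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from alice-pc (unknown [10.0.0.5])
\tby mail.bulk.example.net with SMTP id xyz789; Mon, 1 Jan 2024 10:00:00 +0000
From: "Alice" <alice@friend.example.org>
To: bob@myisp.example
Subject: hi

see attachment
"""

HOP_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?.*?\bby\s+(\S+)", re.S | re.I)

def received_hops(msg):
    """Return Received hops newest first (each relay prepends its own line)."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP_RE.search(raw)
        if m:
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", m.group(2) or "")
            hops.append({"helo": m.group(1), "ip": ip.group(1) if ip else None,
                         "by": m.group(3).rstrip(";").lower()})
    return hops

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw, trusted_suffix):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    trusted = []
    for hop in hops:                      # newest hop first
        if not hop["by"].endswith(trusted_suffix):
            break                         # written by someone else: could be forged
        trusted.append(hop)
    frm, env = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {"handoff": trusted[-1] if trusted else None,
            "unverified_hops": len(hops) - len(trusted),
            "from_domain": frm, "envelope_domain": env,
            "from_matches_envelope": frm == env}

if __name__ == "__main__":
    print(analyse(RAW, ".myisp.example"))
```

The `handoff` entry is the machine that passed the message to your provider; a From domain that differs from the envelope domain is a hint, not proof, that the visible sender was filled in by someone else.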

Ever since Klez was released, it has been possible for viral email to come from an address if anyone who has received email from that address is infected. The following is a simple scenario; there are others that are more complex that have the same results:

User A no virus
User B has a virus
User A is in user B’s address book
User C gets viral email seemingly from user A. The email is really from user B’s virus.

Spyware can happen all too easily, even if you try to play it safe. It is no longer like STDs, but more like the flu. Spyware makers do not play fair, and it is possible to mistakenly click or mouse over something or just make a typo in a URL and get spyware or a virus. If you are on the net you should have virus protection and spyware protection enabled at all times. I have clicked (not on spyware or viruses yet, thank goodness) when my daughter jogged my elbow, or when I sneezed.

I suspect he meant tracking cookies, not actual software. Tracking cookies are easy to pick up even if you’re doing everything “right,” unless you’re willing to turn off cookies altogether (which makes parts of the Internet more or less useless). I think he’s fine.

To answer the OP, I get irate messages from folks all the time about spam I never sent. Lots of spam (especially viruses and other non-commercial ones) have “valid, but fake” addresses on them, harvested from web sites, existing mailing lists, etc. There might be lots of people getting messages from “you”, and your ISP is noticing that you didn’t actually send them and eating the rejections. It’s a strange coincidence that of all the fake addresses out there it picked you, but if it doesn’t happen again, I wouldn’t worry about it.

The other possibility is that your FRIEND has the virus, and it’s reading his address book and sending him local mail. It would be trivial to write such a thing, but I’ve never heard of one, nor can I figure out why anyone would want to write one.

Oh ok. If that’s what he meant, yeah, he’s fine. (Though there are ways of reducing the number of tracking cookies you pick up while still preserving useful ones.)