Really strange. I got an email purportedly from my daughter. It was addressed to me by name. It concerned some alleged porn pictures of my sister-in-law.
It said:
Hi David,
Hey did you know that Miranda Anderson created these
Usually they are not exactly viruses but messages sent by mass mailer programs, with a custom code in the message body. What they do is ‘collect’ e-mail addresses for spam or “marketing” purposes. In other words, if you actually reply to the message without thinking, your e-mail address will be recorded in a database as an “active” e-mail, therefore worth selling to other spammers or mass mailers.
They fool you into thinking that you’re replying to someone trustworthy.
It’s not a virus; a virus is a computer program that can replicate itself by copying its code into another file (much in the same way an organic virus hijacks a cell to create copies of itself).
This was just an email which hid the sender’s address and nothing more (as explained above, the aim was to get you to reply so they could add your email to a list they could sell to other spammers). For more information I’d suggest looking up “phishing”.
It isn’t even necessary to reply for the sender to get what they were after. Just the mere viewing of the image (or whatever) within the email tells them that you read their message and there is a pair of eyeballs that will also view all the subsequent spam they will now proceed to bombard you with.
They can do this since the image is hosted on their site, and they assign the image in each initial “probe” email a unique url. Once that unique url gets viewed, they know that you saw their email and you are a good target for further spam. That’s why it’s good to turn off the automatic loading of images in your email.
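The unique-URL image check described above, as an added example that is not part of the original thread: it parses a message and lists every image a mail client would fetch from a remote server, flagging invisible 1x1 images and URLs that carry a long opaque token. The sample message, host names, token value and the names `remote_images`, `ImgCollector` and `TOKEN` are constructed for illustration, and the token pattern is a heuristic assumption.

```python
import email, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message; names, hosts and token values are made up.
SAMPLE = """\
From: "Jane Doe" <jane@example.org>
To: david@example.net
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi David,</p>
<img src="https://img.mailer.example/open.gif?id=9f3c2a7e51b84d06a1c2" width="1" height="1">
<img src="https://static.example.org/logo.png" width="120" height="40">
<img src="cid:photo1">
</body></html>
"""

TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")  # long opaque identifier (heuristic)

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def remote_images(raw_message):
    """Return [(url, reasons)] for each image a mail client would fetch remotely."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            url = urlsplit(img.get("src") or "")
            if url.scheme not in ("http", "https"):
                continue  # cid:/data: images travel inside the message
            reasons = []
            if img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
                reasons.append("invisible 1x1 image")
            values = [v for _, v in parse_qsl(url.query)] + url.path.split("/")
            if any(TOKEN.fullmatch(v) for v in values):
                reasons.append("per-recipient token in URL")
            findings.append((url.geturl(), reasons))
    return findings
```

Any entry in the result is a request the sender's server would see if images load automatically; the flagged ones are the likeliest read-confirmation beacons.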
Well, it seemed to do a lot more than hide the sender’s address. I got my name, my daughter’s name, and my sister-in-law correct. It is some kind of bot then, one that can mix and match names found in a single email address book. How does it do that? Would one of those bot checks defeat it, not the annoying ones where you can’t even read the letters, but a sane one that asks how much is 1 + 1, or what is the color of an orange?
It most likely got them from a database somewhere (indeed getting said database would be the hard part). All someone needs to do is set up a “mail merge” (i.e. write an email or letter with a script that basically says “copy and paste this detail here for each message”), something I learned how to do in GCSE level ICT, incidentally. I doubt it accessed it by hijacking your computer.
There are a few known botnets that do this very thing, harvesting e-mail addresses from infected machines, then spamming them. Known habits are both spam for profit and phishing attacks.
Some of the spammers appear to keep addresses linked, once they’ve gotten hold of them somehow. E.g. my friend Jane Doe emails me regularly, somehow the spammers got the two addresses (either by intercepting an email in transit somehow, by hacking Jane’s or my email account, or by a virus on Jane’s or my computer (or on the account / computer of someone else we both know)).
So they know that I’ve gotten emails from Jane in the past, and will send out numerous spam messages “from” Jane, to me.
I have a friend on an email list. Only listmembers can send to the list. Periodically we’ll get a spam message to the list, because the spammer is spoofing my friend’s from address so the list-server thinks it’s legitimate. Annoying. The friend uses an online-only email account, no local client, and she’s changed her password numerous times, so we assume that the spammers have the two addresses linked forever.