E-Mail purportedly from friend is actually from spammer. Problem?

Discussion in 'Windows Live Mail' started by Jorie, Aug 7, 2008.

  1. Jorie

    Jorie Guest

    I opened a message from a friend's eddress and it was from a spammer. I
    contacted friend who didn't realize what had happened but did a complete
    virus scan and found nothing. There was a long list of eddresses in the "To"
    box. So the message was undoubtedly from spyware that had commandeered their
    contacts list.

    I found no viruses on my computer but I'm worried.
    I blocked my friend's eddress and they are planning to get a new eddress.
    1. Is there a chance that this spammer can get control of my contacts list
    this way?
    2. Is there anything else I should do?
    3. Does "hiding" eddresses in the "BCC" box (instead of the "To" or "CC"
    box) help to prevent spammers from doing this or is that useless?
     
    Jorie, Aug 7, 2008
    #1
    1. Advertisements

  2. Jorie

    Bob Lucas Guest


    You have performed a virus-scan, so it appears that you are running
    antivirus software on your computer? Are the definition signature files
    up to date? Have "Automatic Updates" been enabled in your computer
    security settings?

    If the answers to both questions is YES - and you did not open any
    attachment(s) to the message, then the risks to your computer are low.
    For peace of mind, you could run a free, on-line virus scan, using a
    different supplier from to the supplier of your existing anti-virus. I
    am not endorsing any particular software. However, Kapersky, at
    www.kaspersky.com/virusscanner has a good reputation and the free,
    on-line scan is effective.

    You could also install and run Adaware 2008 - Free Version (from
    http://www.lavasoft.com/products/ad_aware_free.php) and Spybot Search &
    Destroy (from http://www.safer-networking.org/en/index.html). Read the
    help files, before running Spybot S&D - and also "Immunize" your
    computer regularly. Incidentally, the Spybot "Tea-Timer" is a
    non-essential add-on, which I have chosen not to install on my computer.

    So how did the suspect message reach your computer? Obviously, your
    friend needs to run full anti-virus and anti-spyware scans - and check
    that he/she is running an active firewall (preferably, one that blocks
    outbound Internet access to unauthorized programs).

    However, the message could be forged and might not have originated from
    your friend's computer. It is probably not a DIY task, but an
    examination of the message headers might reveal the source of the spam.
    Spamcop at http://www.spamcop.net/ analyzes message headers and reports
    spam to the originator's ISP, although I am not convinced that spam
    reports serve any useful purpose.
     
    Bob Lucas, Aug 7, 2008
    #2
    1. Advertisements

  3. Jorie

    N. Miller Guest

    If you and friend have another friend, in common, that other friend could be
    infected. Also, many friends send email using "Cc:", instead of "Bcc:", and
    all email addresses are seen by all recipients. Such an email, if it winds
    up on an infected computer of a unknown "friend of a freind" could be
    harvested, and used, by spammers.
     
    N. Miller, Aug 7, 2008
    #3
  4. Jorie

    Jorie Guest

    Very grateful for the responses. Thank you both.

    1. VIRUS/SPYWARE PROGRAM: I use Windows Live OneCare as my virus updater and
    spyware scanner. Almost as soon as I opened the problem message and realized
    what had happened (about 2 hours after the problem email was sent to my
    computer--I was using different programs) I ran OneCare scan. The report
    says nothing was found, either virus or spyware. My OneCare program is
    supposed to keep my virus definitions etc. current automatically. I don't
    know how they do the spyware scan since it happens in the background.

    2. SOMETHING ELSE HAPPENED: It's comforting to be affirmed in my suspicion
    (as you wrote, Bob) that the danger is less since I hadn't opened any
    attachment. However, something else ALARMING happened just this morning.
    Shortly after I sent this message to Communities this morning, my computer
    audibly announced to me that I had been chosen to receive a free Mac
    notebook! WOW!! Imagine that!!! But I'm really alarmed now because I've
    never had anything like this happen before and, as it happens, the bogus
    email was touting electronic goods from China, including laptops. Might be a
    coincidence but I'm sure concerned. I use my computer for online banking,
    etc.

    3. DOWNLOADING ADDITIONAL PROGRAMS: After I got this laptop last summer I
    decided to be very picky about what programs I download since I thoroughly
    enjoy the speed of having less "stuff" on my computer. In addition, I
    initially experienced some conflicts between the McAfee virus program and the
    Vista OS and learned that many websites were not compatible w/ Vista at that
    point. I'm sure that might have changed by now but I've been wary of more
    downloads for a full year!

    That's my hangup if you will about downloading more programs. I have used
    both Spybot "Search and Destroy" and Lavasoft's Adaware on my previous
    desktop and found them useful tho I thought they really slowed things down.
    Would it work to download them, run their checks, and then delete the
    program(s)? (Seems that even when one does try to delete a program there's
    always "something" left over hanging around to complicate life).

    I don't suppose there's any way a program could run from a CD, do its thing,
    but not put anything on my hard drive? Is that possible?

    4. WINDOWS DEFENDER: I removed Windows Defender from my computer when I
    signed up for Windows Live OneCare b/c WLOC said that both were not necessary
    (and indeed, as of last fall anyway, there were some conflicts there too).
    Maybe Windows Defender would have helped protect against spyware??

    5. MY QUESTIONS:

    *In your view can I simply rely on Windows Live OneCare to do the
    job of searching out any adware or spy programs? What I DON'T want of course
    is a keylogger program. Unfortunately, w/out thinking carefully, I went
    online this morning w/ my bank! Probably a bad move. Dumb to take the risk
    w/o further checking. The audio message hadn't come then and it was about 6
    am when I wasn't thinking rationally I guess.

    *Would changing my eddress make any sense at this point? When I
    think of the dozens of places that eddress is in personal profile
    information it's a daunting tasks if not necessary.

    More advice would be greatly appreciated!
     
    Jorie, Aug 7, 2008
    #4
  5. The functions of Windows Defender are included in the current version of
    OneCare.
     
    Gary VanderMolen, Aug 7, 2008
    #5
  6. Jorie

    ...winston Guest

    Inline
    --
    ...winston
    ms-mvp mail


    More info needed..when did the message occur
    - web surfing
    - on startup
    - opening an email
    - opening a different application
    No..Not all malware scan programs are 100% effective
    No. But changing your password for your account would be appropriate
     
    ...winston, Aug 7, 2008
    #6
  7. Jorie

    Bob Lucas Guest

    1. VIRUS/SPYWARE PROGRAM
    I have no experience of Windows Live OneCare - so I can't comment on how
    effective it is. However, no anti-virus software can ever be 100%
    effective. Furthermore, there can be a time-lag between the emergence
    of a new virus and the provision of updated definition files.

    You should never install and operate two resident anti-virus programs
    simultaneously. However, I stand by my previous advice to run a
    completely different on-line scanner, such as Kapersky. The on-line
    scan will not remain resident on your computer and although it will take
    a while, it should not conflict with Windows Live OneCare.

    The same applies to a one-off scan, using the free, on-line scanner from
    McAfee at http://us.mcafee.com/root/mfs/default.asp?cid=9435. However,
    I would not want to install McAfee or Norton/Symantec products, which
    have become so bloated that they often have a detrimental effect on
    speed.

    2. SOMETHING ELSE HAPPENED
    Strange! Did the audible message occur, when you opened another email?

    3. DOWNLOADING ADDITIONAL PROGRAMS
    I agree you should be cautious about installing additional software.
    AFAIK the free version of Ad-Aware 2008, does not start up
    automatically, when you boot your computer. The free version does not
    offer resident protection and you have to initiate scans and update
    definitions manually. Ad-Aware should not slow your computer at other
    times. Similarly, Spybot S&D (without the Tea-Timer add-on) should not
    slow your computer. Furthermore, Spybot S&D adds "suspect" web
    addresses to a banned list in the HOSTS file, which prevents your
    computer from connecting to identified problem sites.

    4. WINDOWS DEFENDER
    If Microsoft has confirmed that you don't require Windows Defender in
    addition to WLOC, then fair enough.

    FIREWALL
    You haven't said whether you have an active Firewall and if so, which
    one.

    The Windows XP firewall is better than nothing - but it only provides
    one-way protection against inbound attacks. However, it does not
    prevent programs on your computer from sending data to the Internet. I
    have installed the free version of Zone Alarm on my PC, to provide
    outbound program control.

    I don't use Vista , so I am not familiar with the Vista firewall.
    However, a Google search led me to the page at
    http://www.techradar.com/products/c...ies/other/windows-firewall-vista-37989/review,
    which indicates that although the standard Vista firewall offers the
    ability to filter outbound traffic by program, port and protocol, it is
    not enabled by default.

    If you are relying upon the Vista firewall, you need to dig into the
    settings of a new administrative tool called Windows Firewall with
    Advanced Security to create the rules required to control outbound
    traffic. Outbound firewall filtering is essential, so I have also
    checked the Microsoft One Care pages at
    http://www.microsoft.com/uk/smallbusiness/products/onecare/overview.mspx.
    According to Microsoft, WLOC does "Provide protection for your PC when
    you send or receive data over the Internet". You will should check the
    details and configuration of WLOC on your machine and in particular,
    which programs are authorised to send data.

    Incidentally, have you contacted McAfee Product Support for advice
    regarding this recent incident?
     
    Bob Lucas, Aug 7, 2008
    #7
  8. Furthermore, Spybot S&D adds "suspect" web
    I think it was Spybot that caused a huge problem for Windows Mail last year,
    when Spybot added thousands of websites to IE's restricted sites list.

    My basic philosophy is that Windows (and especially Vista) only needs a
    good antivirus to make it reasonably secure. The other third party security
    programs often cause more problems than they solve.
     
    Gary VanderMolen, Aug 7, 2008
    #8
  9. Jorie

    Jorie Guest

    This is a response to both Bob Lucas and Gary VanderMolen:
    THANK YOU for the time and effort put into helping me with this. I will try
    the one-time Kapersky that Bob mentioned.

    However, when I first got Vista I had conflict issues with other programs
    (as Gary's post mentioned) and it just isn't worth the potential hassle to
    download anything tho I used both AdAware and Search and Destroy with XP2. (I
    don't know if McAfee has re solved its conflict with Vista--probably by now.
    I have McAfee Site Advisor free from my server--puts a little green check
    against websites that they've found relatively clean). I have pretty much
    depended on the Vista Firewall and WLOC, both of which are fully enabled and
    kept up to date, to do their thing. I guess I'm not as paranoid about MS as
    some.

    Last evening I did another full spy and virus scan with WLOC and it showed
    nothing.

    BTW, the audible "free Mac" offer came while I was on the web--THIS website
    to be accurate!

    I'm indeed grateful for the terrificd advice and all the time you folks
    invest in helping the rest of us. Much appreciated.
     
    Jorie, Aug 8, 2008
    #9
  10. You're very welcome.
     
    Gary VanderMolen, Aug 8, 2008
    #10
  11. Jorie

    ...winston Guest

    If you received an offer for a 'free Mac' while viewing the Msft online communities for this newsgroup..something besides Msft is
    on your machine..

    You might follow these steps..
    http://aumha.org/a/quickfix.htm

    Then if the problem persists, follow the instructions on that site or visit the Parasites -Adware forum. Any need for posting a
    HiJack This log will be provided with initial direction.
     
    ...winston, Aug 9, 2008
    #11
  12. Jorie

    Jorie Guest

    aumha.org etc.--That's a terrific site. I've saved it in Favorites. thanks,
    Winston

    I have followed many of the suggestions. Right now there is no indication
    that I have any spyware but I'm still really puzzled about that audio
    message. I cannot be certain but I'm pretty sure I was on this Communities
    website when it came BUT the other thing I don't know for certain is whether
    mynews webiste was running in the background. It hasn't happened before that
    a commercial audio message has come from that site like that but I suppose
    that could be the explanation. Perhaps I was being paranoid but in the
    current situation.......we're all rather paranoid I think and w/ good reason.

    I will run my Windows Live OneCare "full/deep" scan every day for a few days
    just to be sure (after being sure the spyware and virus signatures are
    up-to-date of course).

    Thanks again for that great reference to the Parasite Fight website.
     
    Jorie, Aug 9, 2008
    #12
  13. Jorie

    ...winston Guest

    You're welcome
     
    ...winston, Aug 11, 2008
    #13
  14. Jorie

    Jorie Guest

    Off topic.

    OK Norman, you have piqued my curiosity long enough--for at least a year and
    maybe longer. What is the meaning of your signature. It's obviously a
    quote--but from whom?
     
    Jorie, Aug 12, 2008
    #14
  15. Jorie

    N. Miller Guest

    To the best of my knowledge, it is an original. From a dream I had about
    being a California Army National Guard soldier in some Middle Eastern
    nation. Mid to late '80s, when my C Co., 1-132d Engr. Btn. C.O. was harping
    on our "Capstone Mission", and potential deployment (which would *not* have
    been to the Middle East, but to Korea). There was a song being sung in my
    dream, as I watched a line of refugees heading back the way I had come from.

    No, I was never deployed to Iraq. I did attend a "Team Spirit" training
    exercise in 1986. Larger than the old "Reforger" exercises run by NATO. ROK
    Army and all branches of the U.S. Military; and some Australian
    participation, as well. I missed standing at the treaty table in Panmunjon
    as a result of hospitalization while I was there. Would have been fun to
    tell people that I had been to North Korea.
     
    N. Miller, Aug 12, 2008
    #15
  16. Kipling influences?

    DSH

     
    D. Spencer Hines, Aug 12, 2008
    #16
  17. Jorie

    R. C. White Guest

    Hi, Norman.

    Thanks for the explanation. And thanks to Jorie for asking. I also have
    been wondering.

    I still don't understand it, but at least, I'll stop wondering about its
    source. ;^}

    RC
    --
    R. C. White, CPA
    San Marcos, TX

    Microsoft Windows MVP
    (Running Windows Live Mail 2008 in Vista Ultimate x64 SP1)
     
    R. C. White, Aug 26, 2008
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.