E-Mail purportedly from friend is actually from spammer. Problem?

I opened a message from a friend's eddress and it was from a spammer. I
contacted friend who didn't realize what had happened but did a complete
virus scan and found nothing. There was a long list of eddresses in the "To"
box. So the message was undoubtedly from spyware that had commandeered their
contacts list.

I found no viruses on my computer but I'm worried.
I blocked my friend's eddress and they are planning to get a new eddress.
1. Is there a chance that this spammer can get control of my contacts list
this way?
2. Is there anything else I should do?
3. Does "hiding" eddresses in the "BCC" box (instead of the "To" or "CC"
box) help to prevent spammers from doing this or is that useless?

 

You have performed a virus-scan, so it appears that you are running
antivirus software on your computer? Are the definition signature files
up to date? Have "Automatic Updates" been enabled in your computer
security settings?

If the answers to both questions is YES - and you did not open any
attachment(s) to the message, then the risks to your computer are low.
For peace of mind, you could run a free, on-line virus scan, using a
different supplier from to the supplier of your existing anti-virus. I
am not endorsing any particular software. However, Kapersky, at
www.kaspersky.com/virusscanner has a good reputation and the free,
on-line scan is effective.

You could also install and run Adaware 2008 - Free Version (from
http://www.lavasoft.com/products/ad_aware_free.php) and Spybot Search &
Destroy (from http://www.safer-networking.org/en/index.html). Read the
help files, before running Spybot S&D - and also "Immunize" your
computer regularly. Incidentally, the Spybot "Tea-Timer" is a
non-essential add-on, which I have chosen not to install on my computer.

So how did the suspect message reach your computer? Obviously, your
friend needs to run full anti-virus and anti-spyware scans - and check
that he/she is running an active firewall (preferably, one that blocks
outbound Internet access to unauthorized programs).

However, the message could be forged and might not have originated from
your friend's computer. It is probably not a DIY task, but an
examination of the message headers might reveal the source of the spam.
Spamcop at http://www.spamcop.net/ analyzes message headers and reports
spam to the originator's ISP, although I am not convinced that spam
reports serve any useful purpose.

 

If you and friend have another friend, in common, that other friend could be
infected. Also, many friends send email using "Cc:", instead of "Bcc:", and
all email addresses are seen by all recipients. Such an email, if it winds
up on an infected computer of a unknown "friend of a freind" could be
harvested, and used, by spammers.

 

Very grateful for the responses. Thank you both.

1. VIRUS/SPYWARE PROGRAM: I use Windows Live OneCare as my virus updater and
spyware scanner. Almost as soon as I opened the problem message and realized
what had happened (about 2 hours after the problem email was sent to my
computer--I was using different programs) I ran OneCare scan. The report
says nothing was found, either virus or spyware. My OneCare program is
supposed to keep my virus definitions etc. current automatically. I don't
know how they do the spyware scan since it happens in the background.

2. SOMETHING ELSE HAPPENED: It's comforting to be affirmed in my suspicion
(as you wrote, Bob) that the danger is less since I hadn't opened any
attachment. However, something else ALARMING happened just this morning.
Shortly after I sent this message to Communities this morning, my computer
audibly announced to me that I had been chosen to receive a free Mac
notebook! WOW!! Imagine that!!! But I'm really alarmed now because I've
never had anything like this happen before and, as it happens, the bogus
email was touting electronic goods from China, including laptops. Might be a
coincidence but I'm sure concerned. I use my computer for online banking,
etc.

3. DOWNLOADING ADDITIONAL PROGRAMS: After I got this laptop last summer I
decided to be very picky about what programs I download since I thoroughly
enjoy the speed of having less "stuff" on my computer. In addition, I
initially experienced some conflicts between the McAfee virus program and the
Vista OS and learned that many websites were not compatible w/ Vista at that
point. I'm sure that might have changed by now but I've been wary of more
downloads for a full year!

That's my hangup if you will about downloading more programs. I have used
both Spybot "Search and Destroy" and Lavasoft's Adaware on my previous
desktop and found them useful tho I thought they really slowed things down.
Would it work to download them, run their checks, and then delete the
program(s)? (Seems that even when one does try to delete a program there's
always "something" left over hanging around to complicate life).

I don't suppose there's any way a program could run from a CD, do its thing,
but not put anything on my hard drive? Is that possible?

4. WINDOWS DEFENDER: I removed Windows Defender from my computer when I
signed up for Windows Live OneCare b/c WLOC said that both were not necessary
(and indeed, as of last fall anyway, there were some conflicts there too).
Maybe Windows Defender would have helped protect against spyware??

5. MY QUESTIONS:

*In your view can I simply rely on Windows Live OneCare to do the
job of searching out any adware or spy programs? What I DON'T want of course
is a keylogger program. Unfortunately, w/out thinking carefully, I went
online this morning w/ my bank! Probably a bad move. Dumb to take the risk
w/o further checking. The audio message hadn't come then and it was about 6
am when I wasn't thinking rationally I guess.

*Would changing my eddress make any sense at this point? When I
think of the dozens of places that eddress is in personal profile
information it's a daunting tasks if not necessary.

More advice would be greatly appreciated!

 

The functions of Windows Defender are included in the current version of
OneCare.

 

Inline
--
...winston
ms-mvp mail

More info needed..when did the message occur
- web surfing
- on startup
- opening an email
- opening a different application

No..Not all malware scan programs are 100% effective

No. But changing your password for your account would be appropriate

 

1. VIRUS/SPYWARE PROGRAM
I have no experience of Windows Live OneCare - so I can't comment on how
effective it is. However, no anti-virus software can ever be 100%
effective. Furthermore, there can be a time-lag between the emergence
of a new virus and the provision of updated definition files.

You should never install and operate two resident anti-virus programs
simultaneously. However, I stand by my previous advice to run a
completely different on-line scanner, such as Kapersky. The on-line
scan will not remain resident on your computer and although it will take
a while, it should not conflict with Windows Live OneCare.

The same applies to a one-off scan, using the free, on-line scanner from
McAfee at http://us.mcafee.com/root/mfs/default.asp?cid=9435. However,
I would not want to install McAfee or Norton/Symantec products, which
have become so bloated that they often have a detrimental effect on
speed.

2. SOMETHING ELSE HAPPENED
Strange! Did the audible message occur, when you opened another email?

3. DOWNLOADING ADDITIONAL PROGRAMS
I agree you should be cautious about installing additional software.
AFAIK the free version of Ad-Aware 2008, does not start up
automatically, when you boot your computer. The free version does not
offer resident protection and you have to initiate scans and update
definitions manually. Ad-Aware should not slow your computer at other
times. Similarly, Spybot S&D (without the Tea-Timer add-on) should not
slow your computer. Furthermore, Spybot S&D adds "suspect" web
addresses to a banned list in the HOSTS file, which prevents your
computer from connecting to identified problem sites.

4. WINDOWS DEFENDER
If Microsoft has confirmed that you don't require Windows Defender in
addition to WLOC, then fair enough.

FIREWALL
You haven't said whether you have an active Firewall and if so, which
one.

The Windows XP firewall is better than nothing - but it only provides
one-way protection against inbound attacks. However, it does not
prevent programs on your computer from sending data to the Internet. I
have installed the free version of Zone Alarm on my PC, to provide
outbound program control.

I don't use Vista , so I am not familiar with the Vista firewall.
However, a Google search led me to the page at
http://www.techradar.com/products/c...ies/other/windows-firewall-vista-37989/review,
which indicates that although the standard Vista firewall offers the
ability to filter outbound traffic by program, port and protocol, it is
not enabled by default.

If you are relying upon the Vista firewall, you need to dig into the
settings of a new administrative tool called Windows Firewall with
Advanced Security to create the rules required to control outbound
traffic. Outbound firewall filtering is essential, so I have also
checked the Microsoft One Care pages at
http://www.microsoft.com/uk/smallbusiness/products/onecare/overview.mspx.
According to Microsoft, WLOC does "Provide protection for your PC when
you send or receive data over the Internet". You will should check the
details and configuration of WLOC on your machine and in particular,
which programs are authorised to send data.

Incidentally, have you contacted McAfee Product Support for advice
regarding this recent incident?

 

Furthermore, Spybot S&D adds "suspect" web

I think it was Spybot that caused a huge problem for Windows Mail last year,
when Spybot added thousands of websites to IE's restricted sites list.

My basic philosophy is that Windows (and especially Vista) only needs a
good antivirus to make it reasonably secure. The other third party security
programs often cause more problems than they solve.

 

This is a response to both Bob Lucas and Gary VanderMolen:
THANK YOU for the time and effort put into helping me with this. I will try
the one-time Kapersky that Bob mentioned.

However, when I first got Vista I had conflict issues with other programs
(as Gary's post mentioned) and it just isn't worth the potential hassle to
download anything tho I used both AdAware and Search and Destroy with XP2. (I
don't know if McAfee has re solved its conflict with Vista--probably by now.
I have McAfee Site Advisor free from my server--puts a little green check
against websites that they've found relatively clean). I have pretty much
depended on the Vista Firewall and WLOC, both of which are fully enabled and
kept up to date, to do their thing. I guess I'm not as paranoid about MS as
some.

Last evening I did another full spy and virus scan with WLOC and it showed
nothing.

BTW, the audible "free Mac" offer came while I was on the web--THIS website
to be accurate!

I'm indeed grateful for the terrificd advice and all the time you folks
invest in helping the rest of us. Much appreciated.

 

You're very welcome.

 

If you received an offer for a 'free Mac' while viewing the Msft online communities for this newsgroup..something besides Msft is
on your machine..

You might follow these steps..
http://aumha.org/a/quickfix.htm

Then if the problem persists, follow the instructions on that site or visit the Parasites -Adware forum. Any need for posting a
HiJack This log will be provided with initial direction.

 

aumha.org etc.--That's a terrific site. I've saved it in Favorites. thanks,
Winston

I have followed many of the suggestions. Right now there is no indication
that I have any spyware but I'm still really puzzled about that audio
message. I cannot be certain but I'm pretty sure I was on this Communities
website when it came BUT the other thing I don't know for certain is whether
mynews webiste was running in the background. It hasn't happened before that
a commercial audio message has come from that site like that but I suppose
that could be the explanation. Perhaps I was being paranoid but in the
current situation.......we're all rather paranoid I think and w/ good reason.

I will run my Windows Live OneCare "full/deep" scan every day for a few days
just to be sure (after being sure the spyware and virus signatures are
up-to-date of course).

Thanks again for that great reference to the Parasite Fight website.

 

You're welcome

 

Off topic.

OK Norman, you have piqued my curiosity long enough--for at least a year and
maybe longer. What is the meaning of your signature. It's obviously a
quote--but from whom?

 

To the best of my knowledge, it is an original. From a dream I had about
being a California Army National Guard soldier in some Middle Eastern
nation. Mid to late '80s, when my C Co., 1-132d Engr. Btn. C.O. was harping
on our "Capstone Mission", and potential deployment (which would *not* have
been to the Middle East, but to Korea). There was a song being sung in my
dream, as I watched a line of refugees heading back the way I had come from.

No, I was never deployed to Iraq. I did attend a "Team Spirit" training
exercise in 1986. Larger than the old "Reforger" exercises run by NATO. ROK
Army and all branches of the U.S. Military; and some Australian
participation, as well. I missed standing at the treaty table in Panmunjon
as a result of hospitalization while I was there. Would have been fun to
tell people that I had been to North Korea.

 

Kipling influences?

DSH

 

Hi, Norman.

Thanks for the explanation. And thanks to Jorie for asking. I also have
been wondering.

I still don't understand it, but at least, I'll stop wondering about its
source. ;^}

RC
--
R. C. White, CPA
San Marcos, TX

Microsoft Windows MVP
(Running Windows Live Mail 2008 in Vista Ultimate x64 SP1)