Why did my friends get spam from my email?

4

Recently I got an email with a subject like "Delivery Status Notification (Failure)". It had initially been sent to my friend's old email account. The content inside that failed email was obviously that of a spam email. I wonder if some viruses have infected my machine, but either Kaspersky or AVG (free version) is installed on my two PCs and a notebook and it is doing fine.

My theory is that one of my friends' computers instead got some viruses and they generated such emails from a random email address to the rest of the hacked address book. Is this possible? What are your theories?

UPDATE: All the spam things have stopped since the day I posted this question. Now I wonder if my theory above is technically possible. If so, mine should not be the first and the case must be well-documented somewhere.

puri

Posted 2009-08-29T08:36:52.167

Reputation: 1 091

Did you try running Ad-Aware? – MiffTheFox – 2009-08-29T10:15:27.147

Yes, found none. – puri – 2009-08-31T08:06:13.093

You may find the emails have stopped because whoever's machine that was infected has now been switched off, the virus removed or sometimes the ISP picks up the extra traffic and contacts the infected person directly. Either way, hope it stays that way! – MPritchard – 2009-08-31T09:01:26.460

Answers

4

You've hit the nail right on the head there. Many viruses send spam from an address in the address book of the infected machine. Sending messages from a known person is good to con people into opening the virus and infecting another machine. 'Oh look, Puri has sent me some pictures'. Also, using random users, rather than the email of the infected person, prevents the infected machine from being easily identified.

MPritchard

Posted 2009-08-29T08:36:52.167

Reputation: 133

Then is there a way to fix this? – puri – 2009-08-30T06:15:45.503

As the email details both your friend's email and yours, you can assume that the infected machine probably belongs to someone who knows both of you. – MPritchard – 2009-08-31T08:59:42.363

4

Unless the sending mail-server (e.g. the one operated by an ISP or webmail service) checks it then an email can be sent with the From: address set to any valid address.

A recipient has to check the routing (Received: from) information in the email header to see whether this source is likely. Some emails also have Received-SPF: and Authentication-Results: entries that may add to or detract from the credibility of the claimed origin.

mas

Posted 2009-08-29T08:36:52.167

Reputation: 2 431

So you mean it's not possible for a virus to send it from my webmail account? – puri – 2009-08-30T06:10:46.107

@puri, I was only addressing whether an email claiming to be from you actually did come from your machine/email account. On whether a virus on your PC could send an email from your webmail account, I wouldn't say it's not possible to do it directly but the greater risk may be malicious software capturing log-in credentials to hijack the account, for example. Equally, an email appearing to come from you could be from somebody with access to your webmail account (e.g. through knowing or finding out the password or using a session that was not closed correctly). – mas – 2009-08-30T10:16:08.233

@mas. Yes, nothing wrong with changing your password every now and then to make sure no-one has access! – MPritchard – 2009-08-31T09:02:14.463

... and some webmail services, including gmail/googlemail, will give you the time and IP address of the last user each time you log in to the service. – mas – 2009-09-01T07:21:53.133
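
The header check described in the answer above, as an added example that is not part of the original post: it reads the `Received:` chain, `Received-SPF:` and `Authentication-Results:` from a message and flags a From: address the headers do not support. The sample message, host names and IP addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (example domains, documentation-range IPs): a message that
# claims to be from puri@example.org but entered the mail system from elsewhere.
SAMPLE = """\
Received: from mx.friend.example (mx.friend.example [198.51.100.7])
\tby inbox.friend.example with ESMTP id abc123; Sat, 29 Aug 2009 08:00:02 +0000
Received: from unknown-pc (dsl-pool.isp.example [203.0.113.45])
\tby mx.friend.example with SMTP id xyz789; Sat, 29 Aug 2009 08:00:01 +0000
Received-SPF: fail (domain of puri@example.org does not designate 203.0.113.45)
Authentication-Results: mx.friend.example; spf=fail smtp.mailfrom=puri@example.org
From: "Puri" <puri@example.org>
Subject: pictures

hello
"""

def received_hops(msg):
    """Return (claimed_name, ip) for each Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\]", value, re.S)
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results from Authentication-Results headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    # Only hops stamped by the recipient's own servers are trustworthy; anything
    # older can be forged. Here the oldest hop was written by mx.friend.example.
    origin = hops[-1] if hops else (None, None)
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    auth = auth_verdicts(msg)
    suspicious = spf in {"fail", "softfail"} or "fail" in auth.values()
    return {"from_domain": from_domain, "origin": origin, "spf": spf,
            "auth": auth, "suspicious": suspicious}

print(assess(SAMPLE))
```

For a bounce like the one in the question, the same check applies to the headers of the original message that the Delivery Status Notification returns, not to the headers of the bounce itself.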

3

Everything is possible, since virus writers have lately become quite creative.
I wouldn't discard the possibility that this is all happening inside your own computer, meaning that it's you that's infected. Run antivirus and adware scans on your computer and maybe use a couple of online virus scans supplied by some of the better-known companies (google "online antivirus scan").

harrymc

Posted 2009-08-29T08:36:52.167

Reputation: 306 093

I have checked as thoroughly as possible but still found none. – puri – 2009-08-30T06:09:03.397

Then check your friend's machine. If both machines check out then either (1) a third hacked machine is having fun with you both, or (2) the checks were not enough and one or both of you are still infected. That's the problem with viruses - there's no sure way to know if they're present or not. – harrymc – 2009-08-30T19:47:21.317

2

It's called email spoofing

The technique is now used ubiquitously by bulk email software as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for email addresses within the address book of a mail client, and use those addresses in the From field of emails that they send, so that these emails appear to have been sent by the third party. For example:

Alice is sent an infected email and then the email is opened, triggering propagation. The worm finds the addresses of Bob and Charlie within Alice's address book. From Alice's computer, the worm sends an infected email to Bob, but the email appears to have been sent by Charlie.

Brad Patton

Posted 2009-08-29T08:36:52.167

Reputation: 9 939