It's not really hard to fake an email sender. This is actually an old trick.
Most likely, the email(s) in question are coming from an infected computer somewhere else. The virus (no way to tell which one) downloads a number of things from it's "master controller" located wherever the virus author happens to be. The first bit these buggers grab would be the template for the spam to be sent out. The second thing would be a list of target email address' to send the spam to.
The virus then sets about generating the spam and broadcasting it to the world. Most of these buggers have their own SMTP (Simple Mail Transfer Protocol) server routines built in.
An SMTP server is a computer normally located at your ISP or your company that sends or forwards email from you to it's intended destination's email server. Most of the time, when you use an email client - like Lookout (er..Outlook) or Outlook Express, Thunderbird, or any of a plethora of others; the email client connects to the predefined SMTP server, tells it who to send the email to and then sends the body of the email to the server. The server then determines where to send the email to and then it forwards that email to wherever it's going. The target then can retrieve the email using their own email client.
A virus like the one in question has it's own SMTP capability built in so it can then bypass your ISP's (or company's) email server and send the message onto it's intended target.
So... In cases like this the virus in question is likely using your email address for both the TO: as well as the FROM: fields in the email template.
The object of doing this is obvious. It's a trick that makes it very difficult, if not impossible to track where the email originated from. Odds are excellent that the email did NOT originate on your own computer. It likely came from a computer belonging to someone you never heard of. There's also the benefit (for the spammer) of not having the email blocked should you be using a spam blocking tool/service. After all, you're not likely to be blocking your own email address!
NOT clicking on the link is probably the smartest possible move. Most likely email such as the one you described is designed to get your computer infected. A recent wave of spam promised Obama porn - but in reality, it was nothing more than a ruse to get you to download a "codec" needed to see the video that included a virus.
How to prevent such things from happening. Sadly, there isn't any surefire way of doing that except to NOT give out your email to anyone. Ever. This, of course, defeats the purpose of email on the one hand - communicating with people, friends, etc... and is NO guarantee that you won't ever get spammed. As you mentioned, you're probably pretty good at keeping up with the latest updates and such. But your friends or family may not be. Some viruses harvest email address' from Outlook or other contact databases. Most of these "phone home" with the address' they've gathered.
Case in point: I opened up a "throwaway" email address on Hotmail. Within 2 minutes of opening the account and completing the form, I had spam waiting for me in the inbox. DOH!
Also, ALWAYS remove the check when subscribing to an email that says that it's OK for you to get email from the site's affiliates. Even if you trust the primary site, you never quite know who those friends and partners may happen to be. And you don't know what their privacy policies are. You might wind up on one site and blam - you're getting spam from all over the place.
And by all means, NEVER put your real email address on your web page. That's one sure fire way of attracting a ton of spam. There are harvesters that collect mailto: links and the email address' the follow them. If you must put a contact address, make sure it's a throwaway address. One that if things get too overloaded, you can simply cancel at a moment's notice. Your best bet would be to include a web based feedback system that doesn't show your email address to anyone. It just features a subject line and a box for the message and automatically emails you with the contents without giving up anything crucial.
The bottom line: Spam is a fact of life. And most spammers will do anything they can go avoid detection. They don't want to go to jail, after all. Delete it and move on with your life. You can get a spam blocker or subscribe to a spam blocking service, but in the end, spammers are clever buggers. They'll find a way around the blocks.
Was this reply helpful? (0) (0)