Ok that's weird

[gwynhefar]

I went to reply to an email from a friend of mine through gmail and immediately got a 'message undeliverable' notice. I was confused, since what I'd done was hit 'reply' from within her email, which should have sent the message right back to the email address she'd sent hers from. I looked closer and the notice mentioned that the address that was undeliverable was 'upgrading1 at live dot com'. That is *not* my friend's email address. I looked it up, and it's apparently a phishing address. I went back to my friend's email and hit reply again, and this time paid attention to the pre-filled-in address. Sure enough, it was the upgrading1 address again. I had to manually replace it with her actual email address. I know her message wasn't a phishing attempt - she was writing to confirm our dinner plans for later in the week. So how did the phishing address get in the autoreply field? And what can I do about it?

Comments

[feste-sylvain.livejournal.com]

First off, there's no need to protect a phishing address like upgrading1@live.com; if spam-bots hit them, that's all that they deserve.

But you should definitely tell your friend what happened, because one of the prime methods for that insertion is malware on her computer, post-processing her outgoing email. (It can also happen at her ISP, but unless they're complete incompetents, they scour for that kind of worm all the time.)

If you still have the original email which had this problem, open up the details and see whether any of the headers have upgrading1@live.com in them.

And have your friends check your email headers as well.

[gwynraven.livejournal.com]

I didn't do it to protect them -- I honestly don't really know how it works, so I wasn't sure if posting the full address would call attention to me, so to speak. I'll certainly let her know. Is there a way to detect if her email spread the malware to me, and if so, remove it?

[feste-sylvain.livejournal.com]

Virus protection and removal is an entire industry; I don't have any quick answers for you, but I did check the last email I received from you (from your gmail account, on Sunday) and it was clean. If the malware is on your computer, it does not affect email you send from your browser.

If you don't have anti-virus software on your computer, you had better not be running any operating system from Microsoft. (Apple is also vulnerable, but they're such a minor share of the market that most virus writers ignore them. Ditto Linux.)

That said, and this is for your friend as well, most commercial ISPs provide commercial anti-viral software (such as McAfee or Norton) as part of your subscription; they don't want your computers to carry or harbor viruses either. Your friend should definitely ask her provider (even if it's a university) whether they provide such a service.

If she's already running one, it may need updating.

[gwynraven.livejournal.com]

Well, since I just got the email from my friend this morning, I wouldn't have had it yet when I sent the email to you Sunday. I'm on my work computer right now, which I know is virus protected to the nines, but I'll ask my IT guy about it as well. And I'll delete her email for good measure. Hopefully that will take care of things.

[feste-sylvain.livejournal.com]

Don't delete the email before the IT guy has a chance to see it.