Most of us have seen those spoof e-mails, when a personal e-mail address has been commandeered for the purpose of sending spam, but in this case, to everyone in your Address Book.


I received an e-mail from a good friend the other day, and it seemed entirely out of character for her. Red flags immediately popped up, and I knew that her e-mail Address Book had been compromised. Here is the text of that e-mail (exactly as it appeared):

Best goods and best service!

i would like to introduce a good company who trades mainly in electornic products.

Now the company is under sales promotion,all the products are sold nearly at its cost.

They provide the best service to customers,they provide you with original products of

good quality,and what is more,the price is a surprising happiness to you!

It is realy a good chance for shopping.just grasp the opportunity,Now or never!

The web address **********

(I removed the Web address to which it referred.)

I noticed that this e-mail had not only been sent to me but apparently to everyone in her Address Book, many names being familiar to me. A phone call to her confirmed my suspicion that she did not actually send the e-mail herself, but rather some cyber-ne’er-do-well had hijacked her Address Book. Of course, her first question was, “How could this happen, and what can I do?”

Here are a few ways it could have happened:

Malware of some sort found its way onto your computer, and its sole purpose is to harvest e-mail addresses, which are then sent along to someone else for the purpose of sending spam e-mails.
Someone who has your e-mail address in their Address Book actually has the malware on their computer.
Some Web sites actually harvest e-mail addresses from a computer, especially those that presume to share things with others or invite friends, and so on; or perhaps people who are members of those sites have ways to harvest e-mail addresses from their friends. While doing some research for this problem, I ran across a guy who claimed that this very thing had happened to him when he joined StumbleUpon, and another who claimed her Address Book was hijacked through Facebook, and yet another who had joined Fanbox.

What to do:

Scan your system for malware. I discussed spyware removal tools in a different blog piece, which can be found here. Two tools I might recommend are Malwarebites and Hijackthis. And since some malware might resurrect itself through a Registry entry, perhaps running CCleaner would be prudent as well. However, consider the risks of running a Registry cleaner. I wrote about that in another blog piece, which can be found here.
Make sure your antivirus software is installed and is up to date with the current virus definitions.
Make sure your Windows OS is current with all security updates.
Be careful of (or avoid) some (or all) of those social Web sites, especially ones that share e-mail addresses. I won’t presume to know all the good ones from the bad ones, but I avoid all such sites. I might be one of the few people without a Facebook or MySpace account, but I simply resist joining any of those types of sites.
If your computer is clean, and you’re certain you weren’t compromised at a social networking site, send an e-mail to all the people in your Address Book to give them a heads-up that someone in your e-mail circle might be compromised. I would suggest sending them one at a time or with a blind CC, however, since I advise people to never send mass e-mails — although we probably all do it from time to time in certain cases.

I’ll be going on a free house call tomorrow to give my friend’s computer a checkup. She’s pretty certain that her computer is clean, and she’s a pretty savvy user, but having a second set of eyes look for some things would be a good idea.

How about you? What are your experiences with hijacked Address Books? And please add to my lists of how this could happen and what to do if you have more suggestions.