Sunday, October 19

The Virus, part II

VIRUS UPDATE: Things are more complicated than I hoped. My full-time antivirus (BitDefender) didn't catch or find a virus, nor could Kaspersky anti-virus, Super Anti-Spyware, Symantec Security Scan, or Spybot Search and Destroy. I also have a good hardware firewall between my laptop and the Internet. If there is a virus on my PC, it is beyond the means of the majority of tools out there to find. I did some research on the message that was sent from my email and other unfortunate people have been getting hit with a very similar attack since at least December 2007. I actually received one of the bogus messages from someone else in early September. In all the forums I have read, not a single person attacked in this manner actually found a virus or malware or trojan on their PC.

So where did it come from? My current theory is that it isn't on my computer. Something stole my password or brute-force attacked my account, logged into my email, and started sending messages. A forum at MajorGeeks says that a keylogger on a computer I used somewhere recorded everything typed into that PC and is smart enough to tell when an email address and password are typed in. Another possibility is that while I was surfing the web, a vulnerability in Java allowed a website to get my email password. The first thing I did after discovering the issue was change my email passwords -- making each even more complicated and different than the others -- so hopefully that will help prevent another outbreak.

What you should do: Change your email password! This attack has hit people using Gmail, Yahoo!, and (mostly) Hotmail. Both Mac and PC users, too. Also, if you have an email service that provides a password reset utility that uses a 'question and answer' type security check, make sure your question and answer couldn't be guessed. For example, my Hotmail account had the question, "What was the name of your first pet?" and my answer was the too-common "Snoopy". It was true, but easily guessed. No one would ever guess a family member's hometown, so I have changed it to that. If you have stronger suspicions of a virus on your PC, the guides here are very thorough (plan on taking half a day to clean your PC) but cover all the bases. If you use a password similar to your email password ANYWHERE on the web, change it. It is possible that I used the same password as my email password somewhere and that website was hacked (or wasn't legit to begin with) and they then tried it on my email.

Argh!
