2010-11-20

Stopping the Malicious Virus That Spams With No Subject Line

Many of you out there have probably been getting hate emails from your friends telling you to quit sending them malicious spam links to sites that offer certain "enhancement" drugs, among other things.  These emails you're purportedly sending have no subject line, and the only part of the body is a URL hyperlink to one of these malicious sites that will then perpetuate the viral love to your friend and their address book... and the vicious cycle continues.

You, at first, had no idea what they were talking about, until you checked your Sent Mail box and saw them sitting there, staring you in the face.

I still don't know what this virus is called, but I've been helping a load of friends who have been suffering its effects.  I helped them get set up with Microsoft's Security Essentials if they didn't already have a current anti-virus application on their computers, and had them ensure the virus definitions were up-to-date.

I had them all do the following:
1. Get their anti-virus software up-to-date on virus definitions.
2. Reboot their computer in Safe Mode and run a FULL virus scan on the entire computer.
3. Run a FULL scan again if a virus was detected and cleaned, to confirm the next scan still comes up clean (we don't want the virus reappearing in areas that were already scanned).
4. Reboot into Normal Windows mode and run Windows Updates repeatedly until all critical updates have been applied.

Well, that got everyone cleaned up, but the next day more malicious emails were still being sent from their accounts to their address books (including to me).

Baffled, I started doing more research.  While I still don't know what the virus is called, it became apparent that the malicious user was able to compromise email login credentials (I haven't been able to determine through what mechanism yet...) and is now using those credentials to send the emails from the attacker's own computer(s), not from the victim's machine.

So to complete your eradication of this menace (and thanks to my friend Heather Serr for discovering and confirming this fix):
Immediately log in to your email account and CHANGE YOUR PASSWORD!

That should get you back in good standing with your friends, and leave you with a cleaned computer.
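As an added example that is not part of the original post, here is a small Python check you could run over an export of a Sent Items folder to spot the exact pattern described above (no subject line, body consisting of nothing but a URL) so you know whether an account is still being abused after the cleanup. The messages below are constructed samples, not real captures, and the function names are my own.

```python
import email
import re
from email.message import Message

# Constructed sample "Sent Items" messages (not real captures). The first
# matches the pattern from the post; the other two are normal mail, including
# one with a missing Subject header but a real body, which should NOT be flagged.
SENT_ITEMS = [
    "From: me@example.com\nTo: friend@example.com\nSubject: \n"
    "Message-ID: <1@example.com>\n\nhttp://example.invalid/offer\n",
    "From: me@example.com\nTo: friend@example.com\nSubject: lunch?\n"
    "Message-ID: <2@example.com>\n\nAre we still on for Friday?\n",
    "From: me@example.com\nTo: friend@example.com\n"
    "Message-ID: <3@example.com>\n\nSee http://example.invalid/photos and the rest\n",
]

# A body that is one bare URL and nothing else (surrounding whitespace allowed).
URL_ONLY = re.compile(r"^\s*https?://\S+\s*$")


def plain_body(msg: Message) -> str:
    """Return the text/plain body of a message as a string."""
    if msg.is_multipart():
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                return part.get_payload(decode=True).decode(errors="replace")
        return ""
    return msg.get_payload(decode=True).decode(errors="replace")


def is_spam_pattern(msg: Message) -> bool:
    """True when the message has no subject and its body is only a URL."""
    subject = (msg.get("Subject") or "").strip()
    if subject:
        return False
    return bool(URL_ONLY.match(plain_body(msg)))


def flag_sent_items(raw_messages):
    """Return the Message-IDs of sent mail matching the spam pattern."""
    flagged = []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        if is_spam_pattern(msg):
            flagged.append(msg.get("Message-ID"))
    return flagged


if __name__ == "__main__":
    print("Suspicious sent messages:", flag_sent_items(SENT_ITEMS))
```

If this still turns up new hits after the machine has been scanned clean, that points to the credential compromise the post describes rather than malware on the computer.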

I would appreciate any extra information anyone can give on this situation.  Please leave comments if you know more.

Happy computing!!!