If you receive a message from someone you know that reads:
Please view the document i uploaded for you using Google docs.
Click here just sign in with your email to view the document its very important.
Thank you.
I have received one from Mark Antonacci. Google warns about the message as does Norton 360. I will write to Mark to see if it is real. But I doubt it. I suspect Mark’s email has been compromised.
Here is what Google reports:
"This message could be a scam" warning
About this warning
We’ll show you a warning above any message that looks like a phishing scam but comes from an address in your Gmail contacts list. When a suspicious message like this is sent from an email address of someone on your contact list, it’s possible that the person’s email account was compromised and used without their permission to send a malicious message.
What you can do
Read the message and decide if it seems like it was written by the sender. Consider whether it sounds like the person you know, contains suspicious links or content, or asks you to do unusual things like send money or provide personal details.
I recommend against opening it unless you confirm that it is from Mark. I have removed the link in this posting.
Mark Antonacci confirms:
“Unfortunately, my email was hacked today and a spam email was sent out to my contacts around 12:14 p.m. CST today.
“Please immediately delete this message. Do not open or click on any links contained in the email. If you do, your email could also become infected.
“I am sorry if this has caused anyone any trouble.
“Mark Antonacci”
There are several bugs like this circulating at present. Over the last few months, I’ve had several messages from known contacts which I call the “Green Coffee Bean” bug, sometimes twice from the same sender. The purported sender will not know of the message unless told by a recipient. Typically the subject matter will be terse, such as “hello” or may even be blank. The message content will usually only be a URL with purported sender’s name at the foot. Clicking the URL opens a silly video on the benefits of the “Green Coffee Bean”. Upon the recipient attempting to cancel the video, there is a pop-up, asking if you’re sure you don’t want to order. I suspect that this is the trap, and on clicking the pop-up, your PC then becomes infected, your address list is stolen and you risk becoming another sender. Possibly you risk other information also being stolen. Just cancel the video, delete the message, and also delete it from your Deleted Items mail-box as well. It is better not even to open the video. Don’t do it!
If you have been infected, the best thing to do is to run a FULL System scan with your AV software to remove every vestige of it. Don’t be content with just a Quick Scan.
My IT consultant tells me that the Malware Pirates are becoming more aggressive now, and will change their Malware signature several times a day, makng it difficult for the AV houses to keep up with them. You need good AV and good Firewalls to stay safe!
This also happened to a Shroud enthusiast in England last year, and clicking on the attachment which came with his e-mail opened the door for a virus, which was blocked by the anti-virus. He knew nothing about what was going on until I alerted him.