Relative exposure to malware

If you work at an antivirus company, be sure that family members will soon ask you questions about computers and the latest malware. Sometimes, they will even send you some. The other day, I got an odd email from my cousin, soon followed by a similar note from my sister that contained this:
The two of them – completely unintentionally – sent me a personalized bit of spam/malware. This was quite nice. After all, there aren’t so many Lyle’s in the world and I thought it was really considerate of some malware writers to address me directly. So I asked Jan Sirmer in the AVAST Virus Lab to tell me about how it was done and the goal of this malware. Here are his comments:
1)     They generally get the names by parsing email addresses. Because many users using their first name in their email addresses, for example, name@blabla.com, they can just parse the email address and they have one of your names.
2)     This is a relatively old-fashioned bit of malware designed to steal  personal details. Click on the link and it will show a page with a login table. Your email address is already entered into the “name” slot and it is just asking for your Windows ID password. It doesn’t even check to see if (continue reading...)