Thursday, Dec 12, 2013

Targeted?

I got an email today. It purported to come from dragonslayer John O'Sullivan, although a cursory look suggested that it was spam; the title was "hey" and the content consisted only of two links to websites, apparently something to do with architecture in France. I deleted the message.

A few hours later, however, David Holland got in touch to say that he'd also received a copy, and pointed out something odd about the message: the list of addresses was, apart from the two of us, as follows: Arthur B Robinson (of Oregon Petition fame), John Roskam of Australia's Institute of Public Affairs, BH regular Don Keiller and Peter Gill, who is also fairly well known in sceptic circles.

Are we being targeted?


Reader Comments (24)

Usually it means that the sender's mail account has been compromised and a spambot is sending rubbish to everyone in their address list.

Dec 12, 2013 at 12:52 PM | Unregistered Commenter FarleyR

The mail was not from O'Sullivan - it was an email address made to look like his. Also, those names in the post were the only people on the email "to:" field. It doesn't look like a standard virus hijack.

Dec 12, 2013 at 12:59 PM | Registered Commenter Bishop Hill

I note that the Icecap site has been hacked recently. Maybe someone is up to something on skeptical sites.

Dec 12, 2013 at 1:24 PM | Unregistered Commenter David Whitehead

Did any malware arrive by clicking on the links? Not that you'd necessarily know ...

Dec 12, 2013 at 1:28 PM | Registered Commenter Richard Drake

Attempted hack possibly; bet one of the links was not going where it purported to be going.

Dec 12, 2013 at 1:32 PM | Unregistered Commenter JaceF

> The mail was not from O'Sullivan - it was an email address made to look like his. Also, those names in the post were the only people on the email "to:" field

That still sounds like a virus to me. Changing the email address around is something they do.

Dec 12, 2013 at 1:53 PM | Unregistered Commenter Anon

John O'Sullivan has confirmed that he did not send it, but I was already sure it was not from him. I have saved the file that loads from the link if anyone wants to do some sleuthing and could forward it with the original email. Its name, different from the link, is

xgreencoffee-fastfatburn_com.html

Onlinelinkscan and AVG say it's OK but I am running Sophos now on the M/C that I ran it on, to be very sure. I think it is just an irritant locking you out of the browser but still leaving the task manager accessible to kill it. For those even less savvy than me it would be a real pain.

Somehow I suspect there is a clue in the greencoffee bit!

Dec 12, 2013 at 2:01 PM | Unregistered Commenter David Holland

Could be targeting but if so it's inept, which doesn't rule it out. "Normally" it'd be all sent to recipients via bcc so the "to" line wouldn't show the other recipients.

Dec 12, 2013 at 2:07 PM | Unregistered Commenter Lurker

Lurker,

I think it is clearly targeted and intended to have a number of known skeptics moaning at JO. I just do not believe a spambot with millions of addresses to randomly choose from would pick only five skeptics. (Off out for afternoon now)

Dec 12, 2013 at 2:34 PM | Unregistered Commenter David Holland

This will appear in the next paper by that professor of conspiracy theories and that cartoonist bloke from Oz. I'm 97% sure of it.

Dec 12, 2013 at 4:31 PM | Unregistered Commenter Morph

I agree with BH, it's targeted. It's not difficult to spoof the From address (but harder to do that with the routing data that's accessible with the right tools).

Dec 12, 2013 at 4:32 PM | Unregistered Commenter VftS

I have found that submitting the email to spamcopDOTnet can be helpful in finding the true source.

Dec 12, 2013 at 4:38 PM | Unregistered Commenter Ian

Someone who has all your email addresses held on their machine has had his system compromised. The 'From:' address in an email is NOT a reliable field - you can put anything you like in it. So the message probably hasn't actually come from who it says it has...

There's a common technique in dodgy software - read the address-book of a system's email application, and then send emails to all the addresses, purporting to come from one (or more) other addresses on the list.

People are more likely to click on a message if it apparently comes from someone they know, and if two people are in one address book, chances are that they know each other. You might use this trick just to get clicks on web pages to increase advertising revenue, or for something more sinister...

Dec 12, 2013 at 4:53 PM | Unregistered Commenter Dodgy Geezer
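
Added example, not part of the comment thread and not code from the blog: a header triage showing why the 'From:' field proves nothing and which fields a recipient can rely on instead. The message, address book and server name are constructed placeholders, and the check assumes the recipient's own mail server is `mx.recipient.example`.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, not the message from the post; every name, host and
# address is a placeholder (example domains, documentation IP ranges).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Thu, 12 Dec 2013 11:02:11 +0000
Received: from unknown-host.example (unknown-host.example [203.0.113.77])
\tby mx.recipient.example with SMTP; Thu, 12 Dec 2013 11:02:09 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.example; dkim=none
From: "Known Colleague" <kc1973@bulk.example>
To: a@one.example, b@two.example, c@three.example
Subject: hey

http://site-one.example/x
"""

ADDRESS_BOOK = {"known colleague": "colleague@trusted.example"}  # hypothetical
TRUSTED_MX = "mx.recipient.example"  # assumption: the recipient's own mail server


def triage(raw, book=ADDRESS_BOOK, mx=TRUSTED_MX):
    msg = message_from_string(raw)
    findings = []
    # 1. A familiar display name in front of an address we have never seen.
    name, addr = parseaddr(msg.get("From", ""))
    expected = book.get(name.lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # 2. Only believe Authentication-Results stamped by our own server.
    auth = msg.get("Authentication-Results", "").lower()
    if auth.split(";")[0].strip() != mx:
        auth = ""
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("no-auth-pass")
    # 3. The Received line written by our server records the connecting IP;
    #    anything below it was supplied by the sender and can be forged.
    origin = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"\[([0-9A-Fa-f:.]+)\]", hop)
        if f"by {mx}" in hop and m:
            origin = m.group(1)
            break
    recipients = [a for _, a in getaddresses(msg.get_all("To", []))]
    return {"findings": findings, "origin_ip": origin, "recipients": recipients}
```

Calling `triage(RAW)` flags the display-name mismatch and the missing SPF/DKIM pass, and reports the connecting IP recorded by the recipient's server rather than anything the sender claimed.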

I have received a couple of these in the last few days. The sender's name appears to be someone you know but revealing the actual email address, it is from an unknown. The links are to different weirdo sites judging from the URLs (I didn't click on them). I think this is not serious nor targeted (as I am a nobody who doesn't comment anywhere except once in a blue moon) but one of those bots who try combos until they work and I would bet that the links are to viagra adverts. I just deleted the emails, and sent the purported senders an email telling them to change their passwords.

Dec 12, 2013 at 5:12 PM | Unregistered Commenter coniston

Someone hacked his email and sent an email to a selection of people in his address book. In fact his account might not have been compromised by "someone" as there are bots out there that do this. It might not have even been his account that was compromised; it could have been a common 3rd party. Who knows.

This has happened to me before (password was too weak - never again!).

Dec 12, 2013 at 5:23 PM | Unregistered Commenter Robinson

Not a Yahoo email account or associated account by any chance?
I got a "hey" email with coffee links from one of my own secondary email addresses a couple of weeks ago.
This was from a Telecom NZ ... @xtra.co.nz account - but the web based version is driven by Yahoo.
It had my usual email address in its address book.
Telecom NZ advertised this problem and advised password changes.

Dec 12, 2013 at 6:25 PM | Unregistered Commenter Rob

I don't think it's an address book that has been compromised - only those names? All with sceptical views? From a "greencoffee"? No, this is deliberate, but it might be more to irritate.

To me, "green-coffee" is saying, "hey, this is a wake up call from the greens" and the "fast-fat-burn" means they might want to burn you/melt you or get rid of what they see as sceptical excess.

The whole message is green. Sure I could be wrong, maybe a bot picked up a reference to "green" and is advertising genuine green coffee... But only to those names? I don't think so. Someone is having fun with words and hiding the message in them. Clearly do not trust the links.

Now I'm off for my cup of coffee - it's 6:00 a.m. here in Australia and I'm not awake yet.

Dec 12, 2013 at 6:58 PM | Unregistered Commenter A.D. Everard

It could happen to anyone. Unlikely to be targeted.

Dec 12, 2013 at 7:50 PM | Unregistered Commenter kellydown

I find www.virustotal.com is useful - scans either files or URLs using 40 or so different antivirus programs.

Dec 13, 2013 at 12:00 AM | Unregistered Commenter HK

kellydown,

Unlikely to be targeted? Let's see.

I am a bit disorganised and do not fully categorise all my email contacts, but since using gmail two years ago I have amassed 255 contacts. I have just trawled through and eyeballed 31 who like the Bish and I have had a bit of exposure as sceptics. Counting the sender, the 'greencoffee' email included seven sceptic names. By my calculations the odds of randomly picking seven sceptics are over 4.8 million to one.

If the numbers were just 100 contacts and 50 sceptics the odds would still be over 160 to 1.

Dec 13, 2013 at 11:07 AM | Unregistered Commenter David Holland

I don't know - I found a couple of mails promoting green coffee-based products when I searched my spam log. And it's supposed to "burn fat".

Dec 13, 2013 at 12:35 PM | Unregistered Commenter Espen

Wouldn't surprise me if the purpose of the emails was to get you to click on a link, which would then install spyware on your computer. Which means that whoever did it could then read all your emails, inbox and outbox, and perhaps engineer an incriminating email supposedly coming from you, which would become a bit of a cause celebre at the Guardian and its ilk. Personally, Bish, I would make absolutely sure you don't have spyware on your computer right now, and I would email all the other recipients to ask them to clean up their computers as well.

Think Peter Gleick.

Dec 13, 2013 at 3:09 PM | Unregistered Commenter John

Espen,

What you say does not mean that the email that I received was not targeted. Almost certainly, I am not the only one to get an email with the link to the 'greencoffee' advert URL. Anyone getting it could forward it. I forwarded it to JO to ask if he was aware. Spoofing the sender's email address used to be very simple. It is a bit more difficult now. See: http://en.wikipedia.org/wiki/Email_spoofing. The link still works, despite my advising the web site that is hosting it.

John,

Yes, I thought Gleick. I don't know how much time it needed but I shut the M/C down quickly. AVG and Sophos did not find any malware.

Dec 13, 2013 at 5:56 PM | Unregistered Commenter David Holland

IP address 142.4.206.25.

On the same ASN are such delights as "daddy and daughter ****"
This can end up on the mug's browsing history, and their IP is logged on the spoof server, and an anon grassup follows.

Perv Plod kick their door in, take their computer....etc.

Targeted, I think.

Dec 14, 2013 at 11:46 AM | Unregistered Commenter Rightwinggit
