The "C" Branch

Jaded commentary on random shit, with an extra helping of cynicism, satire and general contempt for society & Western culture, religion, politics, celebrities, technology, business & more.

Feb 08

How to fix the “New Shopping New Life” Virus


Recently one of my clients faced an issue where all email sent to him would be automatically responded to with the following message:

hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large
trading company from china,which is an agent of all the well-known
digital product factories,and facing to both
wholesalers,retailsalers,and personal customer all over the world.
They export all kinds of digital products and offer most competitive
and reasonable price and high quality goods for our clients,so i think
we you make a big profit if we do business with them.And they promise
they will provide the best after-sales-service.In my opinion we can
make a trial order to test that.
Look forward to your early reply!

Further, he would also receive the same email from himself after anybody wrote to him.

All the forums and blogs I looked at to try and fix this indicated that it was a virus on the local computer, which it is not. So, I will tell you what really happened and how to resolve it properly.

Since I had just entirely reformatted my client’s computer and put on a brand new antivirus, and since scanning the computer several times before I reformatted it did not find anything, I was fairly confident that it was not a virus installed on the machine. Then, when I read that people using Mac were encountering the exact same issue, my suspicions were confirmed.

So here’s what really causes this. If you have a very insecure password (e.g. a dictionary word), there is a bot that will break your password and insert the quoted text above into both 1) Your email Signature, and 2) Your vacation responder. This way, even if you use an email client (like my client did), the vacation responder will still apply and be responded to all incoming email. I believe the bot is affecting both GMail and MSN/Hotmail accounts as of right now.

Here’s how to fix it.

  • Change your password to something secure.
    No less than 8-10 characters, always use numbers AND letters of both cases. A few symbols make it even better. For example, “shopping” is a terrible password because all a bot has to do is run through every word in the dictionary and it will break right into your email. Try something a little more like g8xQr?aR. I guarantee it’s going to be a heck of a lot more difficult to break that.
  • Remove your vacation responder and signature.
    You’ll need to log in to the web-based version of your Gmail/MSN/Hotmail account to do this, even if you normally use an email client like Outlook or Mail.app. Go to your email settings and clear out all that junk that the bot vomited in there.
  • Update your email client to use the new password.
    Don’t forget to update your email client to use your new email password or you’ll be whining about how that doesn’t work now too.

And, that’s it! No virus running on your computer (at least not causing this one), no malicious hackers sending an email every time you send one…just a little bot that took advantage of your poorly made password. Well, at least now you know for next time.