Updated date:

How to Protect Yourself From Sending Malware to Your Friends


Glenn Stok is a systems analyst with a Master’s Degree in Computer Science. He writes instructive articles to help educate his readers.

You don't even know it's happening!

You don't even know it's happening!

Cyber-hackers use your computer to send malware to your friends. Thinking it's from a trusted friend, they open the email and click on the attachment that installs the malware on their computer too.

That continues to spread among all contacts. You don't even know it's happening unless a friend contacts you and asks if you indeed had sent that email.

How You Can Stop the Spread

Be alert to emails that you think have come from a trusted friend that asks you to follow a link. Otherwise, you will be another trusted friend who spreads mayhem.

Don't include yourself in the chain that leads to this turmoil. Use due diligence when reviewing your incoming emails. You will be protecting yourself from getting a virus installed on your computer.

You will also be protecting your friends because once you stop malware in its tracks, you avoid letting it continue spreading to your contacts.

Example of How Trusted Friends Spread Malware

I once received similar emails from two friends at about the same time. Both emails had a link to a site and mentioned that I should look at this interesting site. However, it didn't say why I should look at it.

It was immediately apparent that both my friends had a virus that spreads by looking like it is sent from a trusted friend.

Instead of clicking the link, which I knew was asking for trouble, I just deleted the emails. These types of emails can contain a link to a site that plants a virus or malware on your computer. That's why I won’t follow the link.

Getting two similar emails from two people at the same time was a clue that my friends did not write those emails.

Even if I had gotten just one, I still would not have clicked the link. I'll tell you why. If it were a real message from a friend, they would have mentioned more specifically why I should click the link.

If a friend sends me an email without having the courtesy of including a meaningful reference in the subject field, too bad, they should know better. I won't open it for my own safety.

Teach this to your friends. Spread the knowledge for their safety and yours. They need to understand to use proper computer etiquette.

How a Computer Virus Duplicates and Spreads

A computer virus can copy itself and spread to other computers.

  1. It does that by looking for email addresses in your email directory as well as any email addresses contained in the "TO:" field or the "CC:" field of emails you received from other people.
  2. Then it uses your own email program to send an email to all your friends, like the one I was talking about above. That email contains a copy of the virus as an attached file.
  3. Each time any recipient opens the attachment, the process continues. It keeps repeating this propagation from one person's computer to another.

Your friends make it easy for these viruses to spread by not hiding email addresses in the BCC (blind copy) field when they send a message to multiple people.

If any of the recipients have a similar virus, everyone else gets an email with the virus. Friends who are not computer savvy will click the link and continue spreading the virus because they think they received the email from a trusted friend.

That explains how I got two of those emails at the same time. It happens quickly. You have ten friends, and they each have ten friends. That is already 100 copies of this virus. It just keeps duplicating itself that way. They each have ten friends, and now there are 1000 copies.

By the 4th generation, there are 10,000 copies! By the 5th generation... 100,000.

You can see that a million people will have the virus just after six repeated generations of friends opening the email attachment.

That means that you are responsible for millions of cyber-attacks if you are one of the people in that chain.


How This Is Used in Cyber Warfare

Some of these viruses were created for one reason. They may be benign to you and me, but they have the purpose of attacking a specific target.

They use us to spread the attacking software in search of something specific to carry out its task of destruction.

Remember what I explained about a million copies existing in just six generations. Eventually, a copy of it will reach its desired destination. Possibly finding a computer in the Pentagon or the U.S. Defense Department and sending back all the data on those computers to the host.

In May 2011, defense contractor Lockheed Martin was hit by a cyber attack made possible by malware that was carelessly introduced into their system.1

It requires a human to allow a virus to become active. Too many people allow themselves to be fooled by emails that ask to click a link that ends up freeing the malware that activates a virus. They need to learn to do their due diligence with email requests to click a link.

There are ways to investigate the actual source of the email from its header info. The sender's address is useless because it can be forged. Besides, the sender might be a trusted friend spreading copies of the virus to all their friends.

The Consequences of Cyber Warfare

This carelessness can lead to cyber warfare.2 Here are two examples:

  1. A virus might be searching for nuclear power plant's control server to instruct it to disable the cooling system and create a meltdown.
  2. Another might shut down the U.S. power grid or disrupt telecommunications.

Recommended for you

Malware in Computer Chips

It has recently been discovered that the Chinese have been including malware in the computer chips we import. Malware or viruses in chips used in military applications could interfere with a weapon’s intended purpose.3

So far, these viruses have been stopped in their tracks before doing anything nasty. However, many of them already had infiltrated government computers to get vital information that hackers needed to get their hands on.

On the other hand, they may have been paid to do it for someone who wants the data with a desire to trigger something more serious.

These are Cyber Terrorist

The outcome can be catastrophic:

  • They are using the Internet to create destruction in the real world.4 The data these hackers find is sold to terrorists planning worse catastrophes.
  • They can gain control over a computer server that controls telecommunications, the national power grid, or anything related to national security.
  • Classified government information can be used against the U.S. and hinder our national security.

To Conclude

Now that you know why people spread malware and how to detect it, remember these crucial steps to take:

  • Question strange emails that ask you to click a link even if it seems it came from someone you know.
  • Don't click links unless you are 100% sure it's safe.
  • Contact your friend by other means to confirm they sent you that email. If not, let them know they might have malware.
  • You're in control, and you can stop the mayhem.


  1. Lockheed Martin hit by cyber attack. (May 29, 2011). The Associated Press (CBS News)
  2. Cyber Defense (Dec 14, 2017). North Atlantic Treaty Organization
  3. Gerald Posner (Jan 12, 2010). China's Secret Cyberterrorism. The Daily Beast
  4. John P. Avlon (Oct 20, 2009). The Growing Cyberthreat. Forbes.com

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2011 Glenn Stok

Reader Comments

Glenn Stok (author) from Long Island, NY on October 26, 2013:

PegCole17 - I know a number of people who fell for this tactic. When one thinks an email is from a trusted friend it is easy to think it's for real. That's why it's so important to pay close attention to detail. If the subject is strange, or there are other addresses in the To Field, I usually think twice before opening an attachment. Thanks, Peg, for stopping by.

Shasta Matova from USA on October 26, 2013:

My virus scanner is doing its regularly scheduled scan as we speak. I've gotten those vague emails and I ignore them as well, although one person did ask me why I didn't open it. I told her to be more descriptive in the emails in the future. I don't think many people realize that there are bigger implications than a virus lodging themselves in their own computer. I didn't realize that the message also gets sent to recipients of incoming mail and not just people in the address book. I appreciate this warning.

Peg Cole from North Dallas, Texas on October 25, 2013:

Thanks for this important and valuable explanation. This has happened to me, too. Receiving an email from a trusted friend is quite a disarming tactic.

Glenn Stok (author) from Long Island, NY on October 07, 2011:

sasanka7, To answer your question, it can be stopped by educating people to NEVER click on links in emails. Even if it comes from a trusted friend, since your friend may have let a hacker get control of their email program (by clicking a link) to send copies further. Every time someone tells me they have a virus, it turns out they let it in themselves.

sasanka7 from Calcutta, India on October 07, 2011:

Very useful information. Frequently i receive some messages, mainly from Africa that i have selected / win for some gadget / some lady is earnestly asking for help or something like that or my trusted friend request me to sign in for some site etc. Though I never open them yet in India it is seen that renowned & innocent persons are being cheated by them. How could it be stopped? Although there are some sites to help cyber crime yet it takes time to have any remedy.

Glenn Stok (author) from Long Island, NY on August 22, 2011:

samsons1, thanks for the vote up and stumble. Hopefully it will help others who might otherwise get scammed.

WannaB, You are doing the right thing notifying your friends when they have a virus that sends itself to you. Unfortunately I had the experience where I warned a friend that she had a virus and she didn't understand how I knew. So she ignored me until she started getting 200 of her contacts complaining to her that she sent them a virus. How silly is that? Thanks for your comments.

Barbara Radisavljevic from Templeton, CA on August 22, 2011:

Thanks for mentioning this. When you make your living on the internet it's easy to forget what you did as a newbie and assume all your friends have the same level of awareness that you do. I can normally spot a scam or junk mail just from the header now, and I've learned not to click any link with no other bit of information -- no matter whom it's from unless I'm expecting it. I regularly get this sort of email from someone who spends little time on line and has a Yahoo address, and I immediately delete them. I keep very few contacts in my yahoo account, so the one time I did get hacked at Yahoo, the damage was limited. In that instance, I don't think I clicked anything. I know a couple of friends were hacked once before I was. When their messages came, I spotted them at once and notified the owners of the email account, who, by that time, already knew. This is something they should teach in computer courses and books for those just getting a first computer.

Sam from Tennessee on August 22, 2011:

voted up and useful! Thanks Glenn for the 'reminder', it never hurts to be cautioned again, and just might save us expense and heart ache. I will stumble also...

Glenn Stok (author) from Long Island, NY on August 22, 2011:

BlissfulWriter, thanks for adding that. I discover many times that some friends never upgrade their anti-virus software and they think they are still protected.

BlissfulWriter on August 22, 2011:

Also, all computers should have up to date anti virus software.

Related Articles