SPAM as a Result of Signing Up for Norton Community

Dear Community,

I am aware of the thread regarding SPAM begun by rcthacker.  I have started a new thread because my SPAM, unlike his, is clearly a result of having signed up for Norton Community.  And, secondly, because the other thread is already 3 pages.  Earlier this evening, my email inbox contained both a genuine message from Norton dated October 16, acknowledging my sign-up for Norton Community, and a SPAM masquerading as a message from Norton dated October 17.  Here is a copy of the latter:

 

fromNorton Community <namembers@symantec.com>

to XXXXXXXXXXXX@gmail.com (Yes, this is you.) Learn more     (name redacted) 

dateSat, Oct 17, 2009 at 3:48 PM   

subjectThank you for joining

mailed-bysendgrid.me

signed-bysendgrid.me

hide details Oct 17 (2 days ago)

Thank you for joining the Norton Advantage community.

Here are your credentials for reference:

Login: XXXXXXXXXXXX@gmail.com    (name redacted)

Password: XXXXXXXXX (password redacted)

Click here to login http://www.nortonadvantage.com/advantage-login.jsp?email=XXXXXXXXXXXX%40gmail.com    (name redacted again)

Advantage members can write reviews on Norton products, send offers to friends, and gain access to Norton content, videos and podcasts.

Thanks for supporting Norton!

Your Norton Advantage team

 

 

This spammer clearly knew that I had just signed up for Norton Community, and this was a phishing attempt based upon that knowledge.  Unfortunately, I opened the message, based upon its having been sent by "symantec.com," before I knew the parts about "sendgrid.me" -- If anyone knows how to get the header info from a gmail message without opening up the message, I would appreciate hearing about that.  I never heard of a way to do that in any email program before reading the rcthacker thread in this forum.  I ran a scan using my NIS 2010 program, of the C drive, and will scan the whole system again tonight.  I will read over the rcthacker thread for other advice -- I remember some things about a way to generate a new email address for every website you register with.  That will be for future protection.  But if anyone can advise about what infections could have happened as a result of merely opening the SPAM message, and/or what types of malware control efforts I might need to expend now, please let me know.  (The only "symptom" I have seen so far is that, when the SPAM message was actually open on my screen, the lower border below the email message was flickering annoyingly.  After I deleted the message the flickering stopped.)

 

I think I know part of how this happened, in my case.  Google allows companies who pay it to advertise in the right margins of gmail messages, access to at least part of the content of those messages.  For example, when my brother emailed me about his camping trip to the Smoky Mtns in N. Carolina last summer, the ads down the right side of the message were for rental cabins in the mtns, and similar things.  It's a little creepy, actually.  When I signed up for Norton Community, Norton responded with an email, and required me to click a link in the message to verify that the email address was genuine.  When I did that, the spammer was privy to the info, as a result of Google's success in "monetizing" the internet and Norton's requirement that I click a link in a message..

 

What that does not explain is how the spammer got the password.  Is that info buried in the genuine Norton Community message I received?  Any ideas?  Needless to say, I will be changing the password right away.

 

Best regards,

azhiker