I got a spam email from a friend's GMail account. Does this mean a virus?

It sounds like a virus got into her email and got her address book.

The from: address – and every other bit of an email’s message header – is easily spoofable.

To use yet another technical term, email works on the Honor System: it simply trusts whatever it gets.

So while it’s possible your friend’s PC is under virus siege, it’s very likely that someone rogue sent an email from a completely different source and simply inserted your friend’s email address into the from: field.

@GeorgeGee Every now and then I get a returned email I never sent. So as @robmandu said, in these cases my email address was simply “borrowed”. It saves them getting a whole ton of spam, don’t you think? That wouldn’t do, would it!

it means a spambot has her email address and is using it. Whether that spambot can pick up your address when youopen it is something I don’t know, Obviously someone has @robmandu ‘s.

Yes, and it’s even worse when they get into an account you no longer use, and don’t even know the password to go in and close it down.

As @robmandu said, email works on the honor system. So, anyone with an e-mail server or access to one over telnet can send an email appearing to be from any email address.

In gmail click on the triangle next to the reply button then show original. This will show the path of the email, where it originated, what servers carried it through. Compare this to an email with one from your friend to easily spot the differences. You’ll get used to viewing headers with practice :)

Now as to how… either using a weak browser injected with a script, any good old javascript could grab contacts after he logs in to his email and uploads them to a list on a server. Or he used his gmail ID to download contacts somewhere and they were sold by the service to a third party. Among other possibilities.