Recently, we've seen some strange emails from people we know. It turns out that something has got at their contact lists - usually in Yahoo! email accounts (and providers which use Yahoo! to run their email like Sky, BTInternet, etc).
Although difficult to pinpoint exactly how this happened (it is unlikely they've been hacked as the emails don't come from their account) the likelihood is recent Adobe Flash Player vulnerabilities which have been exposed and which users have failed to patch.
Adobe Flash is a powerful tool and is used by many companies to display adverts on their web pages.
You would hope these adverts are properly policed, but evil forces can put booby-trapped adverts on these sites which may in turn infect your PC or harvest data from your contacts.
The detail of such attacks is documented very well on TheRegister .
It's not always tiny companies or dodgy sites that show these adverts. Again, TheRegister points at weather.com, a massive site which has been compromised. You innocently check the weather, and you could get unlucky. Read More on This
So what's the answer?
Ensuring you have the latest patches for your Windows Software, Anti-Virus Software and in this case Adobe Flash will help.
Another option is to disable plugins for things like Adobe Flash.
One Guide to Disabling Plugins