New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Switcher Hangout The place for switchers to discuss their new machines, and how to work with OS X. General support can be had here for newbie stuff, like "How do I restart my new iMac?" :)

Email virus


Post Reply New Thread Subscribe

 
Thread Tools
JillyB

 
Member Since: Mar 23, 2010
Location: Suffolk, UK
Posts: 6
JillyB is on a distinguished road
Mac Specs: Macbook Pro - leopard

JillyB is offline
I hope this is in the right place

I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
Thanks.
QUOTE Thanks
Nethfel

 
Member Since: Feb 25, 2009
Posts: 2,082
Nethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of light
Mac Specs: 2012 Non-retina MBP, 2.6GHz i7, 8GB RAM, Antiglare Screen

Nethfel is offline
How have you confirmed that your Mac is the source of the emails?

My Macs: 2012 Non-Retina 15" MBP; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)
QUOTE Thanks
JillyB

 
Member Since: Mar 23, 2010
Location: Suffolk, UK
Posts: 6
JillyB is on a distinguished road
Mac Specs: Macbook Pro - leopard

JillyB is offline
No I haven't. I don't really know how to tell where it came from since it doesn't appear to come from the PC's
QUOTE Thanks
Nethfel

 
Member Since: Feb 25, 2009
Posts: 2,082
Nethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of light
Mac Specs: 2012 Non-retina MBP, 2.6GHz i7, 8GB RAM, Antiglare Screen

Nethfel is offline
Who has told you that you are actually sending the emails? What antivirus software do you have on the PCs? Can you get ahold of one of these spam viagra emails with full headers to help track down where/how they were sent? You may not be sending them at all, but someone else may be and using your email address as the reply address.

There are no - to this date that I'm aware of - viruses in the wild for the Mac. Now, there are some trojans, but those are usually obtained via illegal downloads or some porn sites.

Right now, my guess would be that it may be one of the PCs that might be infected that the virus scanner is missing the infection - assuming that the emails are even coming from you and aren't just spoofing your email address

My Macs: 2012 Non-Retina 15" MBP; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)
QUOTE Thanks
JillyB

 
Member Since: Mar 23, 2010
Location: Suffolk, UK
Posts: 6
JillyB is on a distinguished road
Mac Specs: Macbook Pro - leopard

JillyB is offline
the Emails are being sent from my email address as I can see them in my sent folder also some people have replied asking me about the link or telling me I have a virus. I can open the sent emails they just contain a link but I can't see a way to tell where they came from apart from my email address.

The Pc's have AVG, McAfee and Norton antivirus, Not all of them on each of course!

The only thing I can think of is that I downloaded a font last week but it wasn't via Email and it was a couple of days before the emails were sent.
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,435
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Most likely you don't have any problem at all. Here's why:

Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from barrack_obama@whitehouse.gov. This phenomena is known as "sender address spoofing" and is quite simple to do.

So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from John_smith@anymailservice.com and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
JillyB

 
Member Since: Mar 23, 2010
Location: Suffolk, UK
Posts: 6
JillyB is on a distinguished road
Mac Specs: Macbook Pro - leopard

JillyB is offline
Thanyou for your replies.
cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.
QUOTE Thanks
Larry H

 
Larry H's Avatar
 
Member Since: Nov 21, 2009
Location: Pacific Northwest
Posts: 107
Larry H is on a distinguished road
Mac Specs: Mac Mini 2.53 Intel Core 2 Duo 4GB

Larry H is offline
One thing not mentioned by JillyB is what kind of email is being used, either web based or computer based.

Would it matter if the email is web based (Gmail, Yahoo, etc) or if the email is computer based through a server like Earthlink?

Perhaps I don't fully understand this situation, but if the emails are in JillyB's sent folder, doesn't that mean that they were sent from JillyB's computer?

Larry H
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,435
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Quote:
Originally Posted by JillyB View Post
Thanyou for your replies.
cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.
And you're certain it's limited to just people on your contact list? Do you have an example of one of the suspect emails?

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
Nethfel

 
Member Since: Feb 25, 2009
Posts: 2,082
Nethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of lightNethfel is a glorious beacon of light
Mac Specs: 2012 Non-retina MBP, 2.6GHz i7, 8GB RAM, Antiglare Screen

Nethfel is offline
Another question is - is this an imap account? If it is, then the sent messages box is actually a box referred to on the server which *may* mean the email server itself *may* have a virus of some sort...

My Macs: 2012 Non-Retina 15" MBP; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)
QUOTE Thanks
osxx

 
osxx's Avatar
 
Member Since: Jan 19, 2008
Location: houston texas
Posts: 4,567
osxx is a name known to allosxx is a name known to allosxx is a name known to allosxx is a name known to allosxx is a name known to allosxx is a name known to allosxx is a name known to all
Mac Specs: 09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3

osxx is offline
Quote:
Originally Posted by JillyB View Post
I hope this is in the right place

I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
Thanks.
I cant think of a better way to slow your computer down since thats all AV
programs seem to do on a Mac.
QUOTE Thanks
Brad79

 
Member Since: Feb 22, 2010
Posts: 7
Brad79 is on a distinguished road

Brad79 is offline
Quote:
Most likely you don't have any problem at all. Here's why:

Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from barrack_obama@whitehouse.gov. This phenomena is known as "sender address spoofing" and is quite simple to do.

So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from John_smith@anymailservice.com and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.
I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,435
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Quote:
Originally Posted by Brad79 View Post
I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.
You are correct, I missed that records were sitting in the Sent Items folder.

Jilly, the easiest thing to do would be to download and install ClamXAV:

ClamXav - ClamXav 2.0 Public Beta

When you get it up and running, click the Update Definitions button, then begin your scan. If it finds anything, report back with the name of the threat please so that it can benefit our knowledgebase.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
IvanLasston

 
IvanLasston's Avatar
 
Member Since: Feb 26, 2010
Location: Rocky Mountain High, Colorado
Posts: 2,116
IvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to behold
Mac Specs: 1.8 GHz i7 MBA 11" OSX 10.8.2

IvanLasston is offline
Keylogger or hack is a good point. One thing to do right away is to change the password for that email account before anyone else does - if this is the cause it may stop any more spam from being sent as well.

Also have you hooked up to any open networks lately and checked mail? It could be a man in the middle/honeypot attack that grabbed data like cookies and log ins but that is a pretty sophisticated attack.

Have you logged into some library computer/coffee shop compuer/friend's computer to view this mail? That is where the keylogger could have come from.

Are you using Mac mail or Entourage or Thunderbird? Check the rules for each/any of these programs to see if someone put something in there too.
QUOTE Thanks
JillyB

 
Member Since: Mar 23, 2010
Location: Suffolk, UK
Posts: 6
JillyB is on a distinguished road
Mac Specs: Macbook Pro - leopard

JillyB is offline
Thanks for all the advice

I haven't 'sent' any more emails today thank goodness

I have changed my password on the account

My other half has bought some antivirus software so I will try that and see if it comes up with anything when it arrives. I understand that most people don't think AV works on a mac but I am reluctant to download anything at the moment!

I think Ivan may have correctly identified where it came from as I did log on to my email at college BUT I was still using my own mac just on a different network.

I don't use a specific mail manager it is just an aol mail account.

I do have lots of examples of the emails they just contain a link and seem to have been sent to two contacts each time.

they were all sent over about and hour and a half
they are as follows
(no subject)
from: my email address
To: contact1 contact2
Date: Mon, 22 March 2010 21:36

link

I have just noticed that they do not contain the same links
QUOTE Thanks

Post Reply New Thread Subscribe


« Remote Desktop a Mac on a PC | Mac Folder Navigation is KILLING ME!!!! »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
can't attach ms word doc to email, doc is rejected as having a virus vaeyle OS X - Apps and Games 2 07-26-2009 08:29 AM
Mac Native Email Problem schwine OS X - Apps and Games 0 02-24-2009 06:22 PM
How do I handle email with iPhone syncing? RickR iPhone Hardware and Accessories 0 07-04-2007 07:25 PM
Potential email virus? drgnfille OS X - Operating System 1 03-02-2006 10:41 AM
email virus thing that i hate pcrap Schweb's Lounge 3 10-12-2005 11:40 AM

All times are GMT -4. The time now is 06:53 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?