Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: Email virus

  1. #1
    Email virus

    Member Since
    Mar 23, 2010
    Location
    Suffolk, UK
    Posts
    6
    Specs:
    Macbook Pro - leopard
    Email virus
    I hope this is in the right place

    I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
    I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
    I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
    Thanks.

  2. #2
    Email virus

    Member Since
    Feb 25, 2009
    Posts
    2,109
    Specs:
    Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
    How have you confirmed that your Mac is the source of the emails?
    My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)

  3. #3
    Email virus

    Member Since
    Mar 23, 2010
    Location
    Suffolk, UK
    Posts
    6
    Specs:
    Macbook Pro - leopard
    No I haven't. I don't really know how to tell where it came from since it doesn't appear to come from the PC's

  4. #4
    Email virus

    Member Since
    Feb 25, 2009
    Posts
    2,109
    Specs:
    Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
    Who has told you that you are actually sending the emails? What antivirus software do you have on the PCs? Can you get ahold of one of these spam viagra emails with full headers to help track down where/how they were sent? You may not be sending them at all, but someone else may be and using your email address as the reply address.

    There are no - to this date that I'm aware of - viruses in the wild for the Mac. Now, there are some trojans, but those are usually obtained via illegal downloads or some porn sites.

    Right now, my guess would be that it may be one of the PCs that might be infected that the virus scanner is missing the infection - assuming that the emails are even coming from you and aren't just spoofing your email address
    My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)

  5. #5
    Email virus

    Member Since
    Mar 23, 2010
    Location
    Suffolk, UK
    Posts
    6
    Specs:
    Macbook Pro - leopard
    the Emails are being sent from my email address as I can see them in my sent folder also some people have replied asking me about the link or telling me I have a virus. I can open the sent emails they just contain a link but I can't see a way to tell where they came from apart from my email address.

    The Pc's have AVG, McAfee and Norton antivirus, Not all of them on each of course!

    The only thing I can think of is that I downloaded a font last week but it wasn't via Email and it was a couple of days before the emails were sent.

  6. #6
    Email virus
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Most likely you don't have any problem at all. Here's why:

    Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from barrack_obama@whitehouse.gov. This phenomena is known as "sender address spoofing" and is quite simple to do.

    So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from John_smith@anymailservice.com and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

    So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  7. #7
    Email virus

    Member Since
    Mar 23, 2010
    Location
    Suffolk, UK
    Posts
    6
    Specs:
    Macbook Pro - leopard
    Thanyou for your replies.
    cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.

  8. #8
    Email virus
    Larry H's Avatar
    Member Since
    Nov 21, 2009
    Location
    Pacific Northwest
    Posts
    107
    Specs:
    Mac Mini 2.53 Intel Core 2 Duo 4GB
    One thing not mentioned by JillyB is what kind of email is being used, either web based or computer based.

    Would it matter if the email is web based (Gmail, Yahoo, etc) or if the email is computer based through a server like Earthlink?

    Perhaps I don't fully understand this situation, but if the emails are in JillyB's sent folder, doesn't that mean that they were sent from JillyB's computer?

    Larry H

  9. #9
    Email virus
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by JillyB View Post
    Thanyou for your replies.
    cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.
    And you're certain it's limited to just people on your contact list? Do you have an example of one of the suspect emails?
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  10. #10
    Email virus

    Member Since
    Feb 25, 2009
    Posts
    2,109
    Specs:
    Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
    Another question is - is this an imap account? If it is, then the sent messages box is actually a box referred to on the server which *may* mean the email server itself *may* have a virus of some sort...
    My Macs: Late 2013 rMBP w/ 750m; Mac mini G4, 1.25 GHz, 512m ram (server); Late 2011 11" MBA, 1.8GHz i7, 4Gig Ram, 256Gig SSD, HD3000; Powerbook 12" G4 1.33GHz running Debian as a server; Apple TV (1080p version)

  11. #11
    Email virus
    osxx's Avatar
    Member Since
    Jan 19, 2008
    Location
    houston texas
    Posts
    4,695
    Specs:
    09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
    Quote Originally Posted by JillyB View Post
    I hope this is in the right place

    I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
    I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
    I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
    Thanks.
    I cant think of a better way to slow your computer down since thats all AV
    programs seem to do on a Mac.

  12. #12
    Email virus

    Member Since
    Feb 22, 2010
    Posts
    7
    Most likely you don't have any problem at all. Here's why:

    Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from barrack_obama@whitehouse.gov. This phenomena is known as "sender address spoofing" and is quite simple to do.

    So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from John_smith@anymailservice.com and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

    So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.
    I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.

  13. #13
    Email virus
    cwa107's Avatar
    Member Since
    Dec 20, 2006
    Location
    Lake Mary, Florida
    Posts
    26,758
    Specs:
    15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD
    Quote Originally Posted by Brad79 View Post
    I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.
    You are correct, I missed that records were sitting in the Sent Items folder.

    Jilly, the easiest thing to do would be to download and install ClamXAV:

    ClamXav - ClamXav 2.0 Public Beta

    When you get it up and running, click the Update Definitions button, then begin your scan. If it finds anything, report back with the name of the threat please so that it can benefit our knowledgebase.
    Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!

    https://youtu.be/KHZ8ek-6ccc

  14. #14
    Email virus
    IvanLasston's Avatar
    Member Since
    Feb 26, 2010
    Location
    Rocky Mountain High, Colorado
    Posts
    2,116
    Specs:
    1.8 GHz i7 MBA 11" OSX 10.8.2
    Keylogger or hack is a good point. One thing to do right away is to change the password for that email account before anyone else does - if this is the cause it may stop any more spam from being sent as well.

    Also have you hooked up to any open networks lately and checked mail? It could be a man in the middle/honeypot attack that grabbed data like cookies and log ins but that is a pretty sophisticated attack.

    Have you logged into some library computer/coffee shop compuer/friend's computer to view this mail? That is where the keylogger could have come from.

    Are you using Mac mail or Entourage or Thunderbird? Check the rules for each/any of these programs to see if someone put something in there too.

  15. #15
    Email virus

    Member Since
    Mar 23, 2010
    Location
    Suffolk, UK
    Posts
    6
    Specs:
    Macbook Pro - leopard
    Thanks for all the advice

    I haven't 'sent' any more emails today thank goodness

    I have changed my password on the account

    My other half has bought some antivirus software so I will try that and see if it comes up with anything when it arrives. I understand that most people don't think AV works on a mac but I am reluctant to download anything at the moment!

    I think Ivan may have correctly identified where it came from as I did log on to my email at college BUT I was still using my own mac just on a different network.

    I don't use a specific mail manager it is just an aol mail account.

    I do have lots of examples of the emails they just contain a link and seem to have been sent to two contacts each time.

    they were all sent over about and hour and a half
    they are as follows
    (no subject)
    from: my email address
    To: contact1 contact2
    Date: Mon, 22 March 2010 21:36

    link

    I have just noticed that they do not contain the same links

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Email spam/malware/virus
    By CarlaMc in forum OS X - Apps and Games
    Replies: 4
    Last Post: 09-07-2012, 01:31 PM
  2. Email Virus
    By RichyW in forum Switcher Hangout
    Replies: 2
    Last Post: 03-26-2012, 03:38 PM
  3. Email virus
    By zrun in forum OS X - Operating System
    Replies: 3
    Last Post: 11-18-2011, 04:33 PM
  4. email virus?
    By climbguy in forum Switcher Hangout
    Replies: 4
    Last Post: 06-12-2010, 11:32 AM
  5. Potential email virus?
    By drgnfille in forum OS X - Operating System
    Replies: 1
    Last Post: 03-02-2006, 10:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •