09-05-2010, 09:46 PM

I love my Mac. After reading many threads on this site, I decided not install anti virus software on my computer and I've been happy with that decision.

This morning my mother told me that my computer had somehow sent a suspicious email to her and many others with a link to hgd4.medhealthx.com/
My mother was smart enough not to click on the link. So I looked online, deleted many old contacts from my email list (hotmail) in case this happened again and installed CalmXav, which found nothing. Sure enough tonight my hotmail account sent another link--this time to soq7.medhealthx.com/

Hopefully my contacts will not click on the links, but I would like to remove whatever is on my computer that is causing this problem. I do not run Windows on my Mac. I don't do a lot of downloading and I have no idea what I might have clicked on myself that allowed the trojan on my computer--I would have said I was very cautious regarding what I download.

Please be gentle with your replies--I am not a computer expert.

Thanks. Donna
Mac OS X Version 10.5.8

09-05-2010, 10:12 PM

The good news is, you probably don't have a virus. What you're likely experiencing is a phenomenon known as "sender address spoofing".

Do you see these emails actually sitting in your Sent Items folder in Hotmail?

09-05-2010, 10:16 PM

Yes, they are in my sent folder. I got many delivery failure notices. I'm glad of that.

09-05-2010, 10:21 PM

Quote:

Originally Posted by walkingal

Yes, they are in my sent folder. I got many delivery failure notices. I'm glad of that.

Change your account password immediately. Make sure it is strong (mix of upper and lower case letters, include numbers and at least one special character like !@#$%^*(, etc).

09-05-2010, 10:42 PM

Okay. I did that. Thank you.

09-05-2010, 11:32 PM

Yea, if they're in your sent folder, somebody definitely highjacked your account, not just spoofed it. Gotta keep ridiculously strong passwords in today's day and age. I usually use 14-16 characters, randomized. If you can remember a phone number, you can remember one good password.

09-06-2010, 08:16 AM

Quote:

Originally Posted by DarkestRitual

Yea, if they're in your sent folder, somebody definitely highjacked your account, not just spoofed it. Gotta keep ridiculously strong passwords in today's day and age. I usually use 14-16 characters, randomized. If you can remember a phone number, you can remember one good password.

Especially with Hotmail, which has traditionally been a haven for spammers, scammers and other riff-raff.

09-06-2010, 12:47 PM

Quote:

Originally Posted by cwa107

Especially with Hotmail, which has traditionally been a haven for spammers, scammers and other riff-raff.

I can vouch for that. Happened a few months ago to my Hotmail account and my wife's. We implemented tougher passwords and haven't had trouble since.

09-09-2010, 04:30 PM

I'm not a Mac user but this is one of the more intelligent discussions I've seen and I thought I'd put my post here.

Last weekend, I got two messages from a colleague's Hotmail that pointed me to *.medhealthx.com sites. This morning, I got a very similar message from my wife's Hotmail account, pointing me to a *.xpharmx.com site.

I've been googling today to try to find what's up. As far as I can tell, all discussions including "medhealthx" are all from the past week or two. On the other hand, that may be because the spam author rolls out new domain names every week since I bet Hotmail spam filters will soon weed out messages containing *.medhealthx.com links. (My filters at work do that now.)

From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.

I changed my wife's Hotmail password. My fear is that the culprit is keylogging spyware. If that's true, it may happen again.

Regarding the possibility that it is an attack on weak passwords: My wife and colleague both had 6-character alpha passwords. That's not a super-easy level, but also not very strong.

I welcome suggestions about what to try or look for.

09-09-2010, 05:45 PM

Quote:

Originally Posted by sving

From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.

True. The virus isn't ifiltrating the OS, it's hitting the GMail and Hotmail servers vice the individual machines.

09-09-2010, 06:30 PM

Quote:

Originally Posted by sving

I'm not a Mac user but this is one of the more intelligent discussions I've seen and I thought I'd put my post here.

Last weekend, I got two messages from a colleague's Hotmail that pointed me to *.medhealthx.com sites. This morning, I got a very similar message from my wife's Hotmail account, pointing me to a *.xpharmx.com site.

I've been googling today to try to find what's up. As far as I can tell, all discussions including "medhealthx" are all from the past week or two. On the other hand, that may be because the spam author rolls out new domain names every week since I bet Hotmail spam filters will soon weed out messages containing *.medhealthx.com links. (My filters at work do that now.)

From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.

I changed my wife's Hotmail password. My fear is that the culprit is keylogging spyware. If that's true, it may happen again.

Regarding the possibility that it is an attack on weak passwords: My wife and colleague both had 6-character alpha passwords. That's not a super-easy level, but also not very strong.

I welcome suggestions about what to try or look for.

I had a 7 digit alpha-numeric password on my Hotmail and it was still "hacked". So, changing the password to something unique/random/difficult is your best approach/solution. I haven't had this happen again since I changed mine.

09-10-2010, 09:26 AM

MYmacROX, did your hack involve the symptoms discussed in this thread (spam sent from your account with *.medhealthx.com or another medical website ending with an x), or is yours an unrelated attack?