Email virus

JillyB · Mar 23, 2010

I hope this is in the right place

I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
Thanks.

Nethfel · Mar 23, 2010

How have you confirmed that your Mac is the source of the emails?

JillyB · Mar 23, 2010

No I haven't. I don't really know how to tell where it came from since it doesn't appear to come from the PC's

Nethfel · Mar 23, 2010

Who has told you that you are actually sending the emails? What antivirus software do you have on the PCs? Can you get ahold of one of these spam viagra emails with full headers to help track down where/how they were sent? You may not be sending them at all, but someone else may be and using your email address as the reply address.

There are no - to this date that I'm aware of - viruses in the wild for the Mac. Now, there are some trojans, but those are usually obtained via illegal downloads or some porn sites.

Right now, my guess would be that it may be one of the PCs that might be infected that the virus scanner is missing the infection - assuming that the emails are even coming from you and aren't just spoofing your email address

JillyB · Mar 23, 2010

the Emails are being sent from my email address as I can see them in my sent folder also some people have replied asking me about the link or telling me I have a virus. I can open the sent emails they just contain a link but I can't see a way to tell where they came from apart from my email address.

The Pc's have AVG, McAfee and Norton antivirus, Not all of them on each of course!

The only thing I can think of is that I downloaded a font last week but it wasn't via Email and it was a couple of days before the emails were sent.

cwa107 · Mar 23, 2010

Most likely you don't have any problem at all. Here's why:

Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from [email protected]. This phenomena is known as "sender address spoofing" and is quite simple to do.

So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from [email protected] and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.

JillyB · Mar 23, 2010

Thanyou for your replies.
cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.

Larry H · Mar 23, 2010

One thing not mentioned by JillyB is what kind of email is being used, either web based or computer based.

Would it matter if the email is web based (Gmail, Yahoo, etc) or if the email is computer based through a server like Earthlink?

Perhaps I don't fully understand this situation, but if the emails are in JillyB's sent folder, doesn't that mean that they were sent from JillyB's computer?

Larry H

cwa107 · Mar 23, 2010

JillyB said:
Thanyou for your replies.
cwa107 - If the virus is harvesting addresses from the infected PC's contact list and then sending emails out "from" those addresses why are the people it is sending Emails to only from my contact list? Surely if it is on someone else's machine it wouldn't have all my contacts.

And you're certain it's limited to just people on your contact list? Do you have an example of one of the suspect emails?

Nethfel · Mar 23, 2010

Another question is - is this an imap account? If it is, then the sent messages box is actually a box referred to on the server which *may* mean the email server itself *may* have a virus of some sort...

osxx · Mar 23, 2010

JillyB said:
I hope this is in the right place

I noticed this morning that I had a virus in my Email that was sending my contacts a link to a viagra site! I can't think where I have got this from as the emails were sent last night and I wasn't on my laptop at the time.
I have a macbook pro and I am networked to other computers, mostly PC's but they have all been scanned and nothing has come up. (just a home network)
I am going to install some antivirus software on my macbook but has anyone got any experience or advice.
Thanks.

I cant think of a better way to slow your computer down since thats all AV
programs seem to do on a Mac.

Brad79 · Mar 23, 2010

Most likely you don't have any problem at all. Here's why:

Most people don't realize that an email can be sent "from:" anyone. For example, if I want to, I can send you an email that appears to come from [email protected]. This phenomena is known as "sender address spoofing" and is quite simple to do.

So, why are these emails being sent "from" your address? Most viruses are tricky and particularly, viruses that send mail don't like to be caught and easily eradicated! Think about it... if you started getting junk from [email protected] and you know John, you're probably going to tell him about it so that he can virus scan his machine. This makes the virus easy to find and remove. Virus writers are keenly aware of this, so they like to use a system that creates lots of confusion. As a result, quite often if a computer is infected with a virus that sends emails, it will harvest addresses from the infected PC's contact list or most recently sent to list. It will then send its nasty emails out "from" those addresses, often picked at random.

So, chances are there's an infected computer out there that just happens to belong to a friend of yours that has your email address in their contact list. What to do about it? Well, there's really nothing you can do - you just have to hope that whoever this person is eventually discovers that they have an infection and either renews their AV subscription or gets a better solution to deal with it.

I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.

cwa107 · Mar 23, 2010

Brad79 said:
I think you missed the part where Jilly said that she could see the email in her sent folder, which indicates that it's not a simple email spoofing. So it's likely either an infection on her computer, or a spammer got access to her account through a keylogger or something like that at some point. Since they were sent while she wasn't using her computer, my guess is the later. On my windows PC, I often do "clean up" using my anti-virus software, adaware, and ccleaner. There's a a lot of non-virus privacy/security threats that many anti-virus programs don't catch. It stays relatively clean with that approach.

You are correct, I missed that records were sitting in the Sent Items folder.

Jilly, the easiest thing to do would be to download and install ClamXAV:

ClamXav - ClamXav 2.0 Public Beta

When you get it up and running, click the Update Definitions button, then begin your scan. If it finds anything, report back with the name of the threat please so that it can benefit our knowledgebase.

IvanLasston · Mar 23, 2010

Keylogger or hack is a good point. One thing to do right away is to change the password for that email account before anyone else does - if this is the cause it may stop any more spam from being sent as well.

Also have you hooked up to any open networks lately and checked mail? It could be a man in the middle/honeypot attack that grabbed data like cookies and log ins but that is a pretty sophisticated attack.

Have you logged into some library computer/coffee shop compuer/friend's computer to view this mail? That is where the keylogger could have come from.

Are you using Mac mail or Entourage or Thunderbird? Check the rules for each/any of these programs to see if someone put something in there too.

JillyB · Mar 24, 2010

Thanks for all the advice

I haven't 'sent' any more emails today thank goodness

I have changed my password on the account

My other half has bought some antivirus software so I will try that and see if it comes up with anything when it arrives. I understand that most people don't think AV works on a mac but I am reluctant to download anything at the moment!

I think Ivan may have correctly identified where it came from as I did log on to my email at college BUT I was still using my own mac just on a different network.

I don't use a specific mail manager it is just an aol mail account.

I do have lots of examples of the emails they just contain a link and seem to have been sent to two contacts each time.

they were all sent over about and hour and a half
they are as follows
(no subject)
from: my email address
To: contact1 contact2
Date: Mon, 22 March 2010 21:36

link

I have just noticed that they do not contain the same links

cwa107 · Mar 24, 2010

OK, that clears up a lot. Since you use a web-based mail account, it's possible that it was hacked. Changing your password likely cleared up your issue, especially if it was a simple password. I made the assumption that you were actually using a mail client.

I would still recommend a scan with ClamXAV. There are no real viruses for Mac OS X, but there are a couple of trojans and worms, all of which are easily avoided just by not downloading software from untrusted sources and keeping your Mac up to date. ClamXAV is a good solution because it doesn't run all the time, but only when you need it to. The other AV products out there will slow your machine down and can be more trouble than they're worth:

Mac OS X anti-virus software: More trouble than it's worth? | MacFixIt - CNET Reviews

JillyB · Mar 24, 2010

Thanks cwa

diggertoo · Mar 30, 2010

Rouge e-mails

We've had the same problem with sending random out e-mails. Friends let us know yesterday they were receiving them.

Looking for answers I ran into this forum and downloaded: ClamXav. It worked it's wonders and viola! The offending file is now quarantined.

Filename: 29332.emlx
Infection name: Phishing.Heuristics.Email.SpoofedDomain

We are also going to change our passwords as well. Thanks for the great info.

jswitte · Apr 3, 2010

Email Virus

I have the same thing. Sending viagra advertisement to my entire address book. Change pw on account, but not sure that has resolved the issue. I plan to try clamxav. Any other suggestions? I have an IPhone, IMac, and MacBook Pro -- not sure where this invaded, but I think my IMac. Running Norton Antivirus, but it did not identify or eradicate.

chas_m · Apr 3, 2010

ClamAV X might identify an example of the offending email in your outbox, but it's not going to solve the problem. The reason is because this isn't happening on your Mac, its happening to your web-based email account.

Uninstall Norton Antivirus as fast as you possibly can. It should NEVER be installed on a Macintosh and does more harm than good. How Symantec has stayed out of court for such a horrific virus-like product I simply do not know. Make sure you uninstall Norton *thoroughly* (using their uninstall method).

So, the score still stands: Macs don't have viruses -- but web-based email accounts can get hacked (just like on PCs).

Email virus

JillyB

Nethfel

JillyB

Nethfel

JillyB

cwa107

JillyB

Larry H

cwa107

Nethfel

osxx

Brad79

cwa107

IvanLasston

JillyB

cwa107

JillyB

diggertoo

jswitte

chas_m

Guest

Shop Amazon