Phishing hijack on my imac

Unbelievably embarrassing!! Last week I started receiving calls from friends (even received an email from Groupon support - how embarrassing is that...) because they were all concerned that I was "stranded in London (I wish) with no money and the US embassy would not help and I was therefore asking for assistance. Where this email came from and how this whole mess started I will undoubtedly never know.

I immediately changed my password to my email account but now live in fear as I have been told by the developer of the Tamer Attachment app for the Mac and which I must use since all of my images arrive at PC's embedded in the body of the mail in spite of my having "send Windows friendly attachments" selected - that when I select to install an upgrade to the application that (quote)

"When the update is displayed Mail is no longer the frontmost application (just like if you manually switch to some other program), so in case you had some malware on your computer, it would be imaginable that it waits until Mail is no longer the frontmost application to do its work."

I won't be installing any of the upgrades therefore but what I was wondering is that I have been told over and over the due the fact that OS X runs on a unique system (see post by Shadov 2/6/04) that the Macs are safe from this type of malware? If that is no longer the case, what do I do? Is there a way to protect myself from any future episodes of this nature and the associated embarrassment. Just had a call from a friend not too far from London who received the email and was most concerned and ready to drive down there. Yikes!!! I suspect the resulting information gleaned from this problem will be useful to others. Thank you.

1. Macs are immune to viruses, but malware for the Mac exists. Nothing that would do this, however, so:

2. What's probably really happened is that someone has hijacked your email account by guessing your password. You just need to change your email password with your ISP.

1. Macs are immune to viruses, but malware for the Mac exists.

Click to expand...

Macs are not immune to viruses. It's just as of right now none exist in the wild that can infect a Mac. But to tell someone that Macs are immune is simply not true. I really wish you would not make that claim.

Thanks.

chas_m said:

1. Macs are immune to viruses, but malware for the Mac exists.

Click to expand...

I'm sure the people onboard the Titanic thought that it was immune to the effects of an iceberg collision just like people in the 1950s thought they were immune to the "supposed" effects of tobacco and DDT. If history has taught us anything, nothing is immune and I'm sure the engineers of the Maginot Line would begrudgingly agree with me.

Listen, going around saying that Macs are immune is dangerous. Just because something hasn't happened doesn't make it immune. I haven't had cancer but I'm not going to walk around in radioactive waste with impunity based on a belief that I must be immune.

Stating that Macs are immune accomplishes only two things: it makes the Mac community as a whole look bad and pretentious while instilling in others a false sense of security that will inevitably be shaken the day that a well written virus is released. Please stop spreading this message to anyone who comes by and has the right mindset in trying to be vigilant and proactive because I can guarantee you that when the day comes, their vigilance will serve them better than your complacency.

kathmat: It's possible that someone has simply gotten access to your email account (as suggested above). It is also possible that the developer of this app knows about some scenario where malware can make use of Mail. What exactly are they referring to in the quote you provided?

What is better than saying Immune and quite accurate is, at this point in time, there is no Self Replicating or Self Installing Virus's for OSX. There are a very few Trojans though like a DNS changer. Hard to get but not impossible. Someday who knows, maybe someone will release a true virus for OSX. Nothing is impossible.

That said, I agree, I have a feeling the email issue might be what Vansmith suggested.

While Macs probably are not entirely immune to viruses, I'd imagine it would be quite difficult to write a virus for OS X seeing how it's set up.

There are millions of Macs out there now, I'm curious as to why somebody HASN'T written a virus for OS X yet. (not saying I would want them to)

Reply to vansmith:

I wrote to the developer for the Attachment Tamer (the actual name of the app) and explained to him what had happened and the reason I had contacted him was because I had received a notification re the new version and noticed (maybe coincidentally) that when I agreed, there was an almost imperceptible flash on my monitor although nothing else untoward at the time appeared to take place. Again I reiterate it could have just been coincidence. However, then the drama started. Changed my email password and moved on. A couple of days later I received another notice of an update and which to me seemed highly suspicious as I wondered why two updates so quickly on the heels of each other? Terrified at this point to install the second update - that was when I contacted him to find out if maybe the update notices had not in fact actually come from him? (Sorry for the length of this but sometimes it is better to have all the details) and following is the entire content of his reply. Let me also say that I am very pleased with the app as it does exactly what it says and I have had no more complaints from clients and friends alike since installing it over six months ago, reason being that they cannot download my images.

Yes, there was an update just before Christmas and another update today. I've had a lot of trouble with my computer lately (backup storage failure, file system failure, etc.), so I prepared the update in a hurry and left an important bug unfixed. (The bug prevented site license owners from registering the software.) That forced me to release another update today.

As for how the updates could (hypothetically) be related to the scam: When the update is displayed Mail is no longer the frontmost application (just like if you manually switch to some other program), so in case you had some malware on your computer, it would be imaginable that it waits until Mail is no longer the frontmost application to do its work.

In most cases, however, this kind of emails is not really sent from the sender's computer. It is sufficient that the spammers have your address (possible from a computer of someone who knows you). The way email works senders' addresses are not verified. There has also been very little malware on Mac OS X. Nonetheless, if you think that it could have been sent from your computer, you should have the computer checked.

So grateful by the way for the interest and advice on this subject.

There isn't much you can do at this point changing your password. Remain vigilant in monitoring your email to see if the problem persists. As for the password, try changing it to be "stronger" (mix cases, use numbers and/or include symbols). Try to avoid dictionary (common) words.

Report back if the problem persists. What email provider are you using?

AOL - and believe me, the password that I was using was extremely uncommon So much so that while I do keep a little black book on the zillion passwords that we all have to use on a daily basis (I don't duplicate my password across applications or site logins) that one I would have to keep referring to quite often. The email was sent from my AOL screen name and my alternate screen names with other providers seem to be fine. What still puzzles me though and not being an expert I cannot fathom a reason for it, is that the email was sent not only to folk in my contact or address book, but to anyone I had actually ever sent an email to? It was as though it hijacked my "sent" folder rather than the address book. Most odd.
I am a tad paranoid about such things, so shall certainly be watching it with both the regular and the third eye.
Thank you again.