04-22-2010, 07:09 AM | #1 | |||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Mac Virus that sends e-mails from you?
I'm about to do a Google Search - but is anyone (*coughAlanTcough*) aware of a virus on the Mac that will send e-mails from you to your entire contact list? I know back in the day when I worked at a University we ran into this on the PC in various forms. I have little-to-no Mac experience, but this appears to have happened to my wife. It's either that or her gmail account was hacked, but I don't think that is it since there is nothing in her sent items. She uses the Mac web client to check her gmail.
Any help would be much appreciated. The messages go out with a blank subject line and then some semi-legit web domain but with a bogus page on that domain.
__________________
Text Sports Network - Bringing you statistical information for several FOF MP leagues in one convenient site Quote:
04-22-2010, 07:13 AM | #2 | ||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Dola:
One of my first searches got this: Quote:
Based on the specific combination of e-mail addresses that this e-mail appears to be sent to, I do not believe this is what happened. It was sent to my work e-mail address, some specific common friends, and members of a club my wife is in that has no relation to the other two groups. So - I'm pretty sure this is specific to my wife's computer.
04-22-2010, 07:59 AM | #3 |
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
|
Well, first of all, the second post where you had the quote that macs do not get viruses is completely false. There are known viruses for macs, unix, smart phones, etc. It is less common that macs get viruses primarily because less are written for macs. There still are some that exist, and it is possible there could be more in the future.
That said, I do not know all of the mac viruses that are out there, I don't really take much interest in mac viruses because I don't really use them regularly (Only use them when looking at mac specific network enhancements for my company). I do know the majority of mac viruses require some user intervention though (The traditional pop up message saying your whatever software is out of date, please download and install this one instead --- where you then install a virus unknowingly onto your mac). The most recent mac virus I remember off the top of my head is a dns changer. I do recall the type of virus you refer to for PC many times, but not sure if MAC has had one like it. It is possible someone did hack her gmail account password and then use some other program to send mail from her gmail account and the sent messages would not show up. You could probably learn something if you look at the message header of the sent emails. It should tell you how the mail was sent most likely and help you narrow down where the problem occurred.
04-22-2010, 08:01 AM | #4 |
Pro Starter
Join Date: Apr 2001
Location: NC
|
The bogus email isn't from LiveHealthClub.com is it?
Someone in my family recently accidentally spammed their entire contacts list when they received an email from a relative that appeared as an invitation to join that site. When you click "not interested," it runs a script that spams everyone in your address book. Since it just happened to someone I know I thought that might be what happened here.
__________________
"You spend a good piece of your life gripping a baseball...and in the end it turns out that it was the other way around all the time." -Jim Bouton |
04-22-2010, 08:13 AM | #5 | |||||||||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
I can't figure out how to see the full message header in either gmail (my personal account that she sent to) or Outlook on my work side (it may be stripped, dunno).
The gmail does have this at the bottom:
Ok - found it in Outlook (I removed all e-mail addresses and replaced with something else so it would make sense but not give out addresses):

Microsoft Mail Internet Headers Version 2.0
Received: from naeanrfkeb01v.nadsusea.nads. Thu, 22 Apr 2010 04:40:39 -0400
Received: from naeanrfkeb10v.nadsusea.nads. Thu, 22 Apr 2010 04:40:39 -0400
Received: from naeanrfkeg06v.nadsusea.nads. Thu, 22 Apr 2010 04:40:39 -0400
Received: from NAEANRFKAX08.NADSUSEA.NADS. Thu, 22 Apr 2010 04:40:38 -0400
X-AuditID: 8aa20595-a98d4bb000000d36-8c-
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157]) by NAEANRFKAX08.NADSUSEA.NADS. for <[email protected]>; Thu, 22 Apr 2010 08:45:03 +0000 (GMT)
Received: by fg-out-1718.google.com with SMTP id e21so197760fga.16 for <[email protected]>; Thu, 22 Apr 2010 01:40:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime- :subject:from:to:content-type; bh= b=Yk0JDn7gC1Zx+ wmJQ3sVoTiwxApWt5Lr0E6MwlneOOo pA4EDxGCzeeJW1CfN3CDeRFNBp7QRf
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message- b= 1bpGNQKBLPPL9OQSOzyqLEobLckd/ aLqxB/
MIME-Version: 1.0
Received: by 10.223.112.13 with HTTP; Thu, 22 Apr 2010 01:40:30 -0700 (PDT)
Date: Thu, 22 Apr 2010 03:40:30 -0500
Received: by 10.223.92.136 with SMTP id r8mr379933fam.40. 22 Apr 2010 01:40:31 -0700 (PDT)
Message-ID: <z2rae0de4ae1004220140t74fe590
Subject:
From: Mrs.Moore <mrs.moore@gmail.com>
To: bunch of e-mail addresses
Content-Type: text/plain; charset=ISO-8859-1
X-Brightmail-Tracker: AAAAAhPYxLgT2ZbG
Return-Path: mrs.moore@gmail.com
X-OriginalArrivalTime: 22 Apr 2010 08:40:38.0815 (UTC) FILETIME=[7C1122F0:01CAE1F7]
04-22-2010, 08:14 AM | #6 | ||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Quote:
Nope - it appears to have grouped into groups of 5-10 e-mail addresses and uses different domains for the link in each spam message.
04-22-2010, 08:14 AM | #7 | |
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
For better or worse (worse it appears) there is NO virus protection on her MAC.
I knew there were viruses, but also rare - so I just didn't bother with it.
04-22-2010, 08:15 AM | #8 | |
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Hm.
I have to stand corrected. This IS in her gmail sent items (just didn't synch to the Mac E-mail Program). This may be a simple gmail hacking.
04-22-2010, 08:15 AM | #9 | |
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Tri-Dola - I already changed her PW this morning fwiw.
04-22-2010, 08:24 AM | #10 | |
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
To anyone reading this:
Regardless, I'm installing an anti-virus app on her MAC. Any recommendations?
Last edited by wade moore : 04-22-2010 at 08:25 AM. |
04-22-2010, 08:27 AM | #11 |
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
|
Looking at those headers, it does appear to have been sent through gmail.
I would definitely assume password hack here, but the question is how did they hack the password? Usually that is through some other program or hack (not necessarily her mac if she logs in from other places too). I don't think there is enough information here to say the mac is clean, but it is not uncommon for people to have keyloggers that intercept gmail passwords.
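
[Added example, not part of any poster's message.] The header reading suggested in post #3 and carried out in post #11 can be scripted: list the protocol each Received hop reports and compare the DKIM signing domain with the From domain. The function name summarize_origin, the example.com addresses and the PLACEHOLDER values are assumptions made for this illustration; the sample is constructed from the headers quoted in post #5.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the headers quoted in the thread. Addresses,
# the receiving host and the signature values are placeholders.
SAMPLE = """\
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157])
 by mx.example.com for <rcpt@example.com>; Thu, 22 Apr 2010 08:45:03 +0000 (GMT)
Received: by fg-out-1718.google.com with SMTP id PLACEHOLDER1
 for <rcpt@example.com>; Thu, 22 Apr 2010 01:40:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
 h=mime-version:date:subject:from:to; bh=PLACEHOLDER; b=PLACEHOLDER
MIME-Version: 1.0
Received: by 10.223.112.13 with HTTP; Thu, 22 Apr 2010 01:40:30 -0700 (PDT)
Date: Thu, 22 Apr 2010 03:40:30 -0500
Received: by 10.223.92.136 with SMTP id PLACEHOLDER2;
 Thu, 22 Apr 2010 01:40:31 -0700 (PDT)
Subject:
From: Sender <sender@gmail.com>
To: rcpt@example.com

(body omitted)
"""

def summarize_origin(raw):
    """Summarize how a message entered the mail system, from its headers."""
    msg = message_from_string(raw)
    # Unfold each Received header onto one line, in the order they appear.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    protocols = []
    for hop in hops:
        m = re.search(r"\bwith\s+([A-Za-z]+)", hop)
        protocols.append(m.group(1).upper() if m else None)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    d = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    dkim_domain = d.group(1).lower() if d else None
    return {
        "hops": len(hops),
        "protocols": protocols,
        # A "with HTTP" hop means the message was submitted through the
        # provider's web interface rather than handed over by an SMTP client.
        "webmail": "HTTP" in protocols,
        # Only compares the claimed d= tag; it does not verify the signature.
        "dkim_domain": dkim_domain,
        "dkim_matches_from": dkim_domain is not None and dkim_domain == from_domain,
    }

if __name__ == "__main__":
    print(summarize_origin(SAMPLE))
```

Received lines written before the message reached a relay you trust can be forged, so read them together with the DKIM verdict recorded by your own mail gateway.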
04-22-2010, 08:31 AM | #12 | ||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Quote:
99% of her access to gmail is through the Mac. The only other access is when I access the account for her through my computer or my work computer, which has not happened in quite awhile (at least a month). So far none of my accounts have seen a problem, but I guess I should change passwords just in case. This work machine has Symantec on it, but it's rather old. My home machine has AVG on it.
04-22-2010, 08:33 AM | #13 | |
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
|
Quote:
I know some of the major AV vendors also have mac versions too. I don't honestly know which ones are good or not though. The only free mac AV that I have heard of is ClamAV, but I don't know if that is any good either. I know common belief in the past was you really only needed mac antivirus to protect other PC users from infected files that you might send on which wouldn't really hurt your system. That for the most part is likely still the case, so I don't want to panic you to think that the mac is the likely case here. If I had to guess I'm betting it more likely to be a password hack than a mac exploit, I just can't say for sure. |
|
04-22-2010, 08:38 AM | #14 | ||
lolzcat
Join Date: May 2001
Location: williamsburg, va
|
Quote:
I'm not panicking by any stretch - so that's good. I'm just realizing I've been complacent. While the IT support I do now is application specific, in the past I have done broader IT support so I've dealt with this stuff in the past. It just opens my eyes that I need to not be lazy and assume it's a Mac so it will be fine.
04-22-2010, 12:28 PM | #15 |
Pro Starter
Join Date: Oct 2005
Location: Washington, DC
|
My wife had a similar thing happen (as I told you) and it was when she hadn't opened her home computer for like a month. And her work machine is locked down. So... who knows. I think sometimes there can be a keylogger that holds on to the information for a while and then at a later date makes use of the information.
__________________
Sixteen Colors ANSI/ASCII Art Archive "...the better half of the Moores..." -cthomer5000 |
04-22-2010, 01:09 PM | #16 |
College Starter
Join Date: Dec 2006
|
This happened to my wife (old aol address) and my wife's grandfather (at&t I believe) recently.
Exact same thing...blank subject line, some spam link in the message (different in each message). I assumed it was just a password intercept so I changed her password. Haven't had anything happen since. |
04-22-2010, 01:43 PM | #17 |
College Starter
Join Date: Dec 2006
|
dola
Meant to add...neither of them have a Mac. |