
Worm or email acct hacked?

3396 Views 16 Replies Latest reply: Jun 2, 2012 9:59 PM by kelbc2007
kelbc2007 Level 1 (0 points)
May 30, 2012 3:28 PM

I just discovered 15 email messages in my Sent mailbox that I didn't send. Each message is addressed to 3 different contacts from my Address Book, and each is a spammy 'make money online' type of message with a link. Each one is different but they were all sent on the same date (May 18). I have an iMac with Mac OS X Lion 10.7.4 (11E53), and am using a username@me.com email address with an iCloud mailbox that syncs to my iPhone 4S. There haven't been any more mystery messages since May 18th.

 

Does this sound like a worm or is it more likely that my me.com email account has been hacked?

 

Any advice on what I can do to prevent this from happening again?

 

I appreciate any advice/suggestions you can share.

iMac, Mac OS X (10.7.4)
  • BDAqua Level 10 (114,705 points)
    May 30, 2012 4:09 PM (in response to kelbc2007)

    Hello, tough to tell, they may even be spoofed, even the Date, in Mail view the long Headers, look for IPs, like Received: from & Received: by...

     

    Still, to be safe change your MobileMe password.
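
Added example, not part of the original thread: a Python sketch of the header check suggested above, listing each Received hop and the bracketed IPs it recorded, oldest hop first. The sample message, hostnames and addresses are constructed; only hops added by your own mail provider can be trusted, since earlier Received lines can be forged by the sender.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation-range IPs, example domains).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP id ABC123;
\tFri, 18 May 2012 10:15:02 -0700
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA id XYZ789;
\tFri, 18 May 2012 10:15:00 -0700
From: user@example.org
To: friend@example.com
Subject: constructed sample
Date: Fri, 18 May 2012 10:14:58 -0700

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def parse_stamp(text):
    """Parse the timestamp after the last ';', or return None if unusable."""
    try:
        return parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None

def received_hops(raw):
    """Return Received hops in travel order (origin first)."""
    hops = []
    # Each server prepends its header, so the list is newest-first; reverse it.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, sep, stamp = flat.rpartition(";")
        if not sep:                               # no timestamp separator present
            info, stamp = flat, ""
        frm, by = FROM_RE.search(info), BY_RE.search(info)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ips": list(dict.fromkeys(IP_RE.findall(info))),
                     "time": parse_stamp(stamp)})
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(SAMPLE), 1):
        print(n, hop["from"], "->", hop["by"], hop["ips"], hop["time"])
```
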

  • BDAqua Level 10 (114,705 points)
    May 30, 2012 7:04 PM (in response to kelbc2007)

    Good work, did you change your Password yet?

     

    Have you checked for Malware yet?

     

    ClamXAV, free Virus scanner...

    http://www.clamxav.com/

     

    Free Sophos...

     

    http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/

     

    Little Snitch, stops/alerts outgoing stuff...

    http://www.obdev.at/products/littlesnitch/index.html

  • BDAqua Level 10 (114,705 points)
    May 30, 2012 9:18 PM (in response to kelbc2007)

    Great work, be sure to Rebuild Mail's index...

     

    https://discussions.apple.com/thread/3916707?start=0&tstart=0

  • BDAqua Level 10 (114,705 points)
    May 30, 2012 9:53 PM (in response to kelbc2007)

    To Rebuild just use Mail's Menu>Mailbox>Rebuild at the bottom.

     

    I don't think you need Sophos at all, & I do think that is where/why those 15 messages went out, haven't found out how it works yet but perhaps this could prevent it, not sure though...

     

    Little Snitch, stops/alerts outgoing stuff...

    http://www.obdev.at/products/littlesnitch/index.html

  • MadMacs0 Level 4 (3,320 points)
    May 30, 2012 11:17 PM (in response to BDAqua)

    BDAqua wrote:

     

    I do think that is where/why those 15 messages went out, haven't found out how it works yet...

    Just curious on what your theory is on this?  There was a flurry of iCloud related hacks with identical MO's about a week ago, but they seem to have stopped. I am not understanding how those phishing attempts that were not acted on could have resulted in a hacked e-mail account.

     

    I've got Little Snitch and I'm fairly certain it would not have helped with something like this, although I do highly recommend it for other issues.

  • BDAqua Level 10 (114,705 points)
    May 31, 2012 9:39 AM (in response to kelbc2007)

    Great news, thanks!

  • BDAqua Level 10 (114,705 points)
    May 31, 2012 9:59 AM (in response to MadMacs0)

    Hi, I have a vague theory of how it might work, but I'm wondering with the small number of instances, I wonder if it wasn't a single attack, (or very few), somewhere else along the line first that got them into the WebMail site, it'd be interesting to find out the passwords that were broken to see if maybe it was just a dictionary attack possibly, or how many of these attacked people used Windows or MS SW, especially Outlook or Word, how many had unsuspected popups that Mail needed a password, & such things, what sites were being visited, (though they could change any of that fast enough).

     

    I hesitate to post plausible attack vectors/methods on a public site... don't want to give the bad guys any new ideas in case they hadn't thought of them yet.

  • MadMacs0 Level 4 (3,320 points)
    May 31, 2012 10:30 AM (in response to BDAqua)

    Have you been following the Icloud account just got hacked discussion? Several theories were thrown out at the time, but the only one that seemed to have any traction was use of an iPhone.

    iMac G5, Mac OS X (10.5.8)