You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: OrganicBooks
OrganicBooks Author
User level: Level 1
9 points

Outgoing Mail Virus, Yes, Virus!

My Apple Mail client has been sending out messages with no record of them in my Sent items. First I saw messages leave in the activity bar and now I'm getting confirmation as Undeliverable alerts are appearing for addresses I've never seen, some in Europe (I'm in the US). Further evidence is the appearance of automated replies from a subscription package tracking service I cancelled. This service is receiving messages from me that I am not sending.

I've installed ClamXav, Norton and Symantec and they found nothing. I've read other references to this issue at these discussions but so far no solutions. Can anyone help?

2 MBPs, iMac-24, Flower-Pot iMac, iBook, Original iPod, 2 Classics, 1 Touch, Mac OS X (10.5.7)

Posted on Dec 26, 2009 9:43 PM

Reply
Question marked as Top-ranking reply
User profile for user: Király
Király
User level: Level 6
10,017 points

Posted on Dec 26, 2009 9:49 PM

Relax. You don't have a virus. Some spammer is spoofing your e-mail address. The spammer is sending out spam and making it look like it's coming from you. The e-mails being 'returned' to you were never sent from your computer in the first place; they were sent from the spammer's computer.

Not to worry.
View in context
54 replies
User profile for user: OrganicBooks
OrganicBooks Author
User level: Level 1
9 points

Jan 9, 2010 10:33 PM in response to Király

I know, it's complicated. I forget the name of the service but it tracks packages I have coming to me. When a shipper sent a shipping confirmation I forwarded that email to this service. The service then returned a confirmation and tracked all my packages in a way I could view on their GUI. I didn't like the trial of this service so I cancelled it. I'm still getting the confirmations, though, and for messages I'm not sending. I can't see more details without re-registering and I don't want that hassle. I also received, as I said, a "failure to deliver" automated reply for a message I never sent. When I checked the address I found this is to a University in Europe.

Is this clear? It was hard earlier because it all seemed like "too much information."
Reply
User profile for user: Terrence
Terrence
User level: Level 1
10 points

Jan 10, 2010 2:10 AM in response to OrganicBooks

Without seeing the message with the full headers, all we can do is speculate on a virus that is unknown by your anti virus definitions. If you are receiving a failure to deliver an email message you did not originate, and your "SENT" folder in the Mail app does not show that your computer sent an email from within the Mail app, then I am inclined to believe messages are being forged and sent via the web. Have you changed the password on your email account? That's what I would do to see if that makes any difference. I would also advise getting MacScan antivirus software ( http://macscan.securemac.com/ ). Free 30 day trial to get that second opinion as it relates to nailing down any virus. activity. Keep in touch and let us know what you discover along the way
Reply
User profile for user: Terrence
Terrence
User level: Level 1
10 points

Jan 10, 2010 12:32 PM in response to OrganicBooks

Did MacScan pick up any tracking cookies? If so, you should isolate them. The problem i seem to have is my g4 powerbook running 10.5.8 and being unable to "stealth" ports 113 and 443. This is how i suspect that someone was able to send email unknown to me via my web browser. Like i said, I changed my password and deleted all my online yahoo web contacts. As a test, I am planning to populate my online yahoo contacts with entries that can only be found there and not on my apple Mail app.
Reply
User profile for user: Király
Király
User level: Level 6
10,017 points

Jan 10, 2010 2:17 PM in response to OrganicBooks

OrganicBooks wrote:
This is very helpful; thank you. The emails were not sent by me, do not show up in my "SENT" folder,


I still believe somebody is spoofing your e-mail address. I don't believe any messages are actually leaving your computer that you don't know about.

and I can sometimes see them leave via the little status bar.


I don't believe that that's what you think it is. Most likely it is Mail.app auto-saving a draft of an e-mail on your IMAP server. Or communicating with your IMAP server in some other way.

MacScan found nothing. I'll scan again and change pass and update here. If they continue I'll copy a header here.


I really don't think you have any virus, trojan, or malware. Others have suggested that you change your e-mail account password. I'll add my voice to that too.
Reply
User profile for user: Király
Király
User level: Level 6
10,017 points

Jan 10, 2010 5:24 PM in response to powerbook1701

powerbook1701 wrote:
I have seem my imap Apple mail window (in the mail activity window) say incoming from time to time with no apparent message coming in. Are you saying this is just behind the scenes communication between imap?


Yes.

Also, what is gibson research center?


It's a website where you can test your firewall for open ports.
Reply
User profile for user: OrganicBooks
OrganicBooks Author
User level: Level 1
9 points

Jan 10, 2010 9:22 PM in response to Tom Gewecke

Thanks for your link. I've contacted the admin. at TrackMyPackages and he's investigating. Curiously, I've received no confirmations since Friday, as if it's only a weekday phenomenon. He said something about an "autoforwarder" and I've asked for more info. about it.

As for the outgoing mail activity, different from others described here as I have no copies of messages and none are INcoming, it stopped the moment I upgraded to Snow Leopard. This would seem to discount the SPAM or phishing possibility, yes?
Reply
User profile for user: Tom Gewecke
Tom Gewecke
User level: Level 10
118,786 points

Jan 11, 2010 7:46 AM in response to OrganicBooks

I think you just want to be contrary, sir. The status bar showing activity definitely existed and that's what I was referring to.


I know what you are referring to. And the subject line you gave your initial posting here indicates you want to have detected an email sending virus on your Mac. But I don't think you are going to find such a virus, because there aren't any, and I am sure that whatever activity you saw is not this but something else.

But if you come up with additional evidence, do post it here.
Reply

Outgoing Mail Virus, Yes, Virus!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up