Yahoo Mail Worm/Virus?

This morning my Yahoo mail account sent out a series of Spam emails to random people from my address list. No one was logged into the account at the time this happened. My wife and I routinely access the account from a PC running Norton 360 and from two different Macs. So we're fairly confident none of these computers are infected with anything. I called AT&T/Yahoo tech support, and they indicated that the account appears to have been hacked by some sort of bot... and they thought the issue may be with my iPhone and the fact that it has no antivirus protection.

I took a look at the full headers of the Spam emails and was able to track the originating IP address to Sunnyvale, CA (Yahoo's headquarters). I then compared this with old emails sent from both my home PC and my iPhone. Only the iPhone generated emails went through the Sunnyvale IPs. The emails sent from all three computers on my home network originated from local IPs.

So, bottom line... this leads me to believe that it was indeed my iPhone that somehow triggered the emails. I was driving at the time the emails were sent... so I know I didn't click anything, open any emails, or take any other actions that would have triggered the Spam.

Any idea what's going on here? Should I be concerned that my iPhone has a worm or virus that is triggering these messages? I'm particularly trying to determine if this is just a worm or if an actual person has hacked my account. I changed the password... but that password was also used for some other accounts of mine too. My biggest concern at this point is the potential for identity theft.

iPhone 3Gs

Posted on Mar 5, 2010 4:04 PM
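
The header comparison described in the post above, as an added example that is not part of the original thread: it pulls the earliest routable address from each message's Received chain and reports which known-good messages entered from the same network as the suspect one. A match narrows where a message entered the provider's network; it does not by itself identify a device. Assumptions: all hostnames and addresses are constructed (documentation ranges), and a shared /24 stands in for the geolocation lookup the poster used.

```python
import ipaddress
import re
from email import message_from_string

# Internal ranges skipped when looking for the first routable hop.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin_ip(raw_message):
    """Return the earliest non-internal IPv4 address in the Received chain."""
    msg = message_from_string(raw_message)
    # Each relay prepends its own Received line, so the last one is the oldest.
    # Lines below the first server you trust can be forged by the sender.
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # malformed address such as [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def same_origin(suspect, baselines, prefix=24):
    """Labels of baseline messages whose origin shares the suspect's network."""
    ip = origin_ip(suspect)
    if ip is None:
        return []
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    matches = []
    for label, raw in baselines.items():
        other = origin_ip(raw)
        if other is not None and other in net:
            matches.append(label)
    return matches

def sample(first_hop):
    """Build a constructed two-hop message (documentation-range addresses)."""
    return ("Received: from out.provider.example (out.provider.example [203.0.113.5])\n"
            "\tby mx.recipient.example; Fri, 5 Mar 2010 08:00:03 -0800\n"
            f"Received: from {first_hop}\n"
            "\tby smtp.provider.example; Fri, 5 Mar 2010 08:00:01 -0800\n"
            "From: user@provider.example\nSubject: test\n\nbody\n")

HOME_PC = sample("[192.168.1.20] (home.isp.example [198.51.100.44])")
PHONE = sample("gateway.provider.example (gateway.provider.example [203.0.113.17])")
SPAM = sample("web.provider.example (web.provider.example [203.0.113.80])")

if __name__ == "__main__":
    print(same_origin(SPAM, {"home_pc": HOME_PC, "phone": PHONE}))
```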


Mar 5, 2010 4:18 PM in response to Scott614

Should I be concerned that my iPhone has a worm or virus that is triggering these messages?


No - there are none, and even if there were, you would have had to purposefully hack your phone, and install unauthorised software to have a chance at getting infected.

I'm particularly trying to determine if this is just a worm or if an actual person has hacked my account.


Most likely the latter, or this:

My wife and I routinely access the account from a PC running Norton 360

Mar 5, 2010 4:21 PM in response to Scott614

I called AT&T/Yahoo tech support, and they indicated that the account appears to have been hacked by some sort of bot... and they thought the issue may be with my iPhone and the fact that it has no antivirus protection.


Sorry, but what a crock.

I seriously doubt this is a worm or virus on your iPhone. If so, you will be the first.

Nothing can be installed on an iPhone from a received email, from a website, or from a received MMS except for a photo, and I haven't read about any viruses or worms being included with a JPEG file. Unless your iPhone has been hacked/jailbroken and you have installed unofficial software on your iPhone from an unknown or untrusted source, it would be some trick for a virus or worm to be installed on your iPhone especially since there are no viruses that infect or affect OS X, and the iPhone runs an optimized version of OS X.

Spammers spoof email addresses - using a random/valid email address to appear as the sending email address for the spam usually making use of valid email addresses gathered from their "known good" email address list which is rotated from what is a huge list. A significant portion of spam is generated from Windows computers that have been taken over remotely by spammers with email generated with a spoofed email address without the user's knowledge.

I venture to say the emails were not generated from your iPhone. More than likely your email address has been spoofed by a spammer only - your email account has not been hacked but it can't hurt to change your account's password.

Mar 5, 2010 6:02 PM in response to Scott614

I agree with the other responses, but be aware that an app you install in the iPhone CAN send mail from the phone. If all of your apps come from the iTunes store it's highly unlikely that this was the source of the emails. If your phone is jailbroken all bets are off; there are at least 2 known worms that can infect a jailbroken iPhone, and one of them DOES send spam emails.

Mar 6, 2010 9:24 PM in response to Scott614

The same thing happened to me. My iPhone/Mac Mail were not showing any sent items, but my online Yahoo! account was. Spam was sent to all of my Yahoo! contacts, which thankfully were all me, I don't use Yahoo's address book. I am a little bothered, I haven't worried about anything like this since OS 9. I'm pretty sure this issue is within Yahoo's servers, but would be interested in the thoughts of someone who actually knows what they are talking about.

Mar 7, 2010 12:53 AM in response to stru

I'm pretty sure this issue is within Yahoo's servers, but would be interested in the thoughts of someone who actually knows what they are talking about.


There are many fellow users here who actually know what they are talking about - what will make you determine that someone here does?

If these messages are in your Yahoo account's Sent mailbox at the server only - when accessing the account via webmail using a browser, your Yahoo account was hacked at the server. What type of password do you use for your Yahoo account - how many digits - 6 or more that include letters and numbers? Whatever it is, you need to change the password if you haven't already done so.

Mar 8, 2010 2:26 PM in response to Allan Sampson

This exact thing has happened to me yesterday evening. The compromised account was my primary account for logging in to my DSL ISP - AT&T. I have changed the password and notified those who received the spam what had happened.

What upset me was the fact that I called AT&T to make them aware of the issue. I told them I no longer wanted the compromised account to be used to log in to my AT&T account. Better safe than sorry. They told me it would take 3-5 days to "lock" the account and I had to discontinue service with the compromised account and sign up for another if I wanted a different primary email account. Why is it not possible for AT&T/Yahoo to put a lockdown on an account that has been hacked? This account, when used to log into AT&T would give the hacker full access to my personal information. Are they not concerned with protecting their customers?

When I notified those who received the emails they told me I wasn't the first and, after investigating sources of the others they received, it was always an AT&T account (Yahoo, sbcglobal.net, etc).

Mar 8, 2010 3:13 PM in response to nlm0.0mln

When I notified those who received the emails they told me I wasn't the first and, after investigating sources of the others they received, it was always an AT&T account (Yahoo, sbcglobal.net, etc).


AT&T does not own Yahoo. AT&T's website includes a Yahoo web search function so there is a business relationship of some sort between AT&T and Yahoo, but a Yahoo account is separate from an email account provided by AT&T.

I can't answer for the other, but if you changed the password for the account, the account is no longer compromised by whoever had access to your account's password by whichever means this was obtained. If only for 3-5 days and you switched to a password that is considered strong - at least 6 characters that includes a combination of letters and numbers which makes it more difficult to guess, you have less to worry about. The same can occur with any email account if what is considered a weak password is used.

If someone indeed had access to your account's password, they already have access to your personal information via the login for your AT&T email account.

Mar 8, 2010 3:48 PM in response to nlm0.0mln

There's no need to lock or change the account; just put a really good password on it. Whoever hacked it found the password somehow. There are a lot of ways to do this:

1. Dictionary search - a program runs through a dictionary and tries every word.

2. Full search - try every combination of letters and numbers. This is usually fairly easy because most people have short passwords (easy to remember) and don't bother with upper and lower case and punctuation in their passwords.

3. Install a trojan horse program on your computer, and wait for you to type the password. Somewhere over half of all PCs have one or more viruses or trojans on them; yours could be one.

4. Monitor your unsecured or WEP encrypted home WiFi network.

5. Monitor a public WiFi network when you are using one (like Starbucks). Don't ever check email at a public hotspot unless the server supports SSL and you use it.

Mar 8, 2010 4:18 PM in response to Allan Sampson

Reggie is correct.

I realize my concern over any future hack was a knee-jerk reaction but it is understandably frightening to have such a thing happen to you. I had/have a nonsensical combination of letters and numbers as my password. Definitely not in the dictionary.

My fears and concerns have mellowed now but after doing some research it seems that this is a common problem for those of us with ATT/Yahoo accounts.

I have (honestly? spitefully.) signed up to receive cable ISP after the lack of customer support/therapy from ATT. If my information is compromised I expect immediate reaction and respect for the fact I have done what I am supposed to do on my end to prevent such a thing from happening. When friends of mine were attacked and their email was spamming others (different ISP, different time) their email was locked up immediately without their consent. I asked for just that and 3-5 days is an unacceptable response.

Mar 8, 2010 5:09 PM in response to nlm0.0mln

....and now that I am home and trying to enter my new pass into my modem (via IP) and my router (via IP) it seems AT&T doesn't want me to without downloading a "password change tool." HA! Really? So now on top of being hacked I am being forced to download bloatware. Insult to injury.

Sorry for this AT&T rant on Apple forums but I wish Apple would let go of the AT&T affiliation so I can set myself free once and for all (iPhone owner).

also reggie = deggie

Message was edited by: nlm0.0mln

Mar 9, 2010 12:56 AM in response to nlm0.0mln

nlm0.0mln wrote:
Sorry for this AT&T rant on Apple forums but I wish Apple would let go of the AT&T affiliation so I can set myself free once and for all (iPhone owner).


Rant ignored ..... but the iPhone will only work on AT&T in the US - Verizon being completely utterly incompatible and T-Mobile 3G data not being compatible, it'll be a long wait.

For a fuller explanation, search for 'CDMA' in these forums.

Mar 9, 2010 7:59 AM in response to nlm0.0mln

As I pointed out, your email account is totally within the purview of Yahoo, not AT&T. Changing your password would have been sufficient, and if it was a really hard one to hack someone either acquired it through social engineering or you have jailbroken your iPhone. I've had an AT&T/Yahoo email account, and know many more in my area that do, and I've yet to know anyone who had this problem. And the reason I know so many with it is due to all the people who dropped their cable due to problems with mail.

So good luck to you with that cable account.

Mar 9, 2010 8:08 AM in response to deggie

It doesn't have to have been the iPhone that was hacked; it could have been any computer used to access the Yahoo account, or even just using the iPhone or computer on an unsecured WiFi network. The most likely scenario is that the computer (not the iPhone) was infected with a worm, or that the OP clicked a link that looked like a Yahoo service but was actually a spoof site. This is the most common way of harvesting Yahoo id's and passwords.

Mar 12, 2010 7:19 AM in response to deggie

1) My iPhone is not jailbroken.

2) I have contacted Yahoo and they tell me that it is a known issue that they are working to resolve.

3) All of my personal email addresses are gmail. I do not like Yahoo/ATT, hotmail, nor will I use my new cable ISP as email. The only reason I had the SBCGLOBAL address was because of log-in for the ISP. The address book was inserted into that account when I naively sync'd my contacts on the iPhone with known email addresses.

4) I refuse to use Outlook on my PC and Mail on my MAC because I don't want to download any email or attachments to my machine unless I specifically choose to.

5) I have thoroughly scanned for malware on my machines and nothing was found.

Conclusion: Yahoo's security has been breached on its own servers. They've admitted as much per a customer service phone call.
