spoofing with many email addresses in an Apple address book

I was a good Samaritan (no good deed goes unpunished) and set up a MacBook running Snow Leopard earlier this year for a friend who knows little about computers. She doesn't use Boot Camp and only uses Apple Mail for email. She noticed that a spoofing email went out to about 50 of the addressees in her address book of about 100 addresses. About 50 of these addressees rec'd a spoof email presumably from this computer directing them to go to http://www.cetris-deutschland.de/to.php. She uses AOL service of some sort and denies having her address book on some AOL server, so I'm at a loss to explain how the spoofer got so many of the addresses in her address book. I'm unaware of malware that can get on a Mac and do this, but she is pretty much a novice. Any ideas? I looked around for web posts on this and couldn't find much.

I suppose she could have sent out an email with a cc to half her address book, but she denies this.

thanks

MacBook, Mac OS X (10.6.4)

Posted on Oct 16, 2010 7:07 AM


Oct 16, 2010 8:08 AM in response to Alf2001

Alf2001 wrote:
> She noticed that a spoofing email went out to about 50 of the addressees in her address book of about 100 addresses.

How did she notice that?

> She uses AOL service of some sort and denies having her address book on some AOL server

What AOL service/software is she running?

I believe that's the way the main AOL service works (at least with newer AOL software), by keeping your address book on their servers.

Two things she should do: (1) Change her AOL password. (2) Install and run some sort of antivirus/antispyware software. For antivirus, try ClamXav: http://www.clamxav.com/

Oct 16, 2010 6:47 PM in response to Alf2001

Sounds like her AOL account got hacked. AOL has a high volume of unsophisticated users who choose very weak passwords, so it's a frequent target for this kind of hacking. She has sent e-mail to people, and the hackers got that information from the mailboxes on the AOL server. She needs to change her AOL account password immediately, and make it a strong one (a mixture of numbers and upper and lower case letters, at least 10 characters long).

It's not likely to be malware... see my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus].

Oct 16, 2010 8:26 PM in response to Alf2001

Alf2001 wrote:
> I asked about AOL but user denies having anything on the AOL site.

I'm not sure just what you mean by that or how that was determined.

> I asked about AOL but user denies having anything on the AOL site.

She doesn't understand how the AOL software works. Years ago all AOL software stored the user's address book, etc., locally. Now it's all stored on AOL's servers. Exactly what AOL software is she using?

> I'll try a program to look for malware but seems rather unlikely on a Mac?

True, but not impossible. See these fairly recent stories:

http://arstechnica.com/apple/news/2010/06/spyware-trojan-hitching-ride-on-third-party-mac-screensavers.ars

http://www.theregister.co.uk/2010/04/20/pinheadmactrojan/

http://www.maclife.com/article/feature/protectyour_mac_phishing_trojan_horses_andviruses

Oct 17, 2010 4:48 AM in response to William-Boyd-Jr

> I'll try a program to look for malware but seems rather unlikely on a Mac?

> True, but not impossible. See these fairly recent stories:
>
> http://arstechnica.com/apple/news/2010/06/spyware-trojan-hitching-ride-on-third-party-mac-screensavers.ars
>
> http://www.theregister.co.uk/2010/04/20/pinheadmactrojan/

These two articles describe the OpinionSpy "trojan" and HellRTS. The former is not really a trojan, IMHO, since it tells you what it's going to do and asks permission to install. The latter has been added to the malware definitions found in Mac OS X as of 10.6.4, and it won't bite you anyway unless you're dumb enough to try to download a pirated copy of iPhoto.

More on this can be found in the [Mac Malware Catalog|http://www.reedcorner.net/thomas/guides/macvirus/malware_catalog.shtml] that is a part of the Mac virus guide I referred to previously.
