How do I remove an email virus

My wife's email account is now sending out spam messages to those in her address book. She obviously clicked through on the wrong message and now I've got to try to find the problem and get it fixed. What do you recommend for a Mac?

iMac Intel 2.0 GHz, 1 GB RAM, Mac OS X (10.5.1)

Posted on Jan 25, 2012 2:38 AM


Jan 25, 2012 5:55 AM in response to kstads

http://www.cites.illinois.edu/security/idtheft/phishing/spoofing.html


This is most likely not the result of a "virus" (no viruses exist for OS X), or malware. But if you want to scan your Mail, you can use ClamXav. If it finds anything, it will probably only be some harmless Windows malware, which will not affect a Mac.


http://www.clamxav.com/download.php


Here is the current ClamX OS X malware catalog:

daily.cvd not-OSX.Tored
daily.cvd OSX.Flashback-1
daily.cvd OSX.Flashback-3
daily.cvd OSX.Flashback-2
daily.cvd OSX.Flashback-4
daily.cvd Trojan.OSX.Miner
daily.cvd OSX.Defma
daily.cvd MacOSX.Revir-1
daily.cvd OSX.BlackHol
daily.cvd OSX.BlackHol-1
daily.cvd MacOSX.iMuler-1
daily.cvd Trojan.OSX.FlashBack.A
daily.cvd OSX.DevilRobber
main.cvd OSX.RSPlug
main.cvd Trojan.OSX.iservices.A
main.cvd Trojan.OSX.iservices.B
main.cvd OSX.DNSChanger.dmg
main.cvd OSX.DNSChanger.dmg-1
main.cvd Trojan.OSX.RSPlug.F.dmg
main.cvd Trojan.OSX.RSPlug.F.dmg-1
main.cvd Trojan.OSX.RSPlug.F.dmg-2
main.cvd Trojan.OSX.RSPlug.F.dmg-3
main.cvd Trojan.OSX.RSPlug.F.dmg-4
main.cvd Trojan.OSX.RSPlug.F.dmg-5
main.cvd Trojan.OSX.RSPlug.G.dmg
main.cvd Trojan.OSX.RSPlug.G
main.cvd Exploit.OSX.Safari
main.cvd Trojan.OSX.Cowhand
main.cvd Backdoor.OSX.BlackHole
main.cvd Trojan.Downloader.OSX
main.cvd OSX.Flashback
main.cvd Trojan.Downloader.OSX-1
main.cvd OSX.DNSChanger
main.cvd OSX.Trojan-2
main.cvd Trojan.OSX.Opener
main.cvd Trojan.OSX.RSPlug.C
main.cvd Trojan.OSX.RSPlug.D
main.cvd OSX.Tored
main.cvd OSX.RSPlug-2
main.cvd Trojan.OSX.OpinionSpy.B
main.cvd Trojan.OSX.OpinionSpy.A
main.cvd Trojan.OSX.MacDefender
main.cvd Trojan.OSX.MacDefender.B
main.cvd Trojan.OSX.MacDefender.C
main.cvd OSX.Defma-1
main.cvd OSX.Defma-2
main.cvd Trojan.OSX.MacBack
main.cvd Trojan-Downloader.OSX.Fav.A
main.cvd Trojan-Downloader.OSX.Fav.B

Jan 25, 2012 5:51 AM in response to kstads

Your Mac may have been infected by a Botnet (Trojan) and you need to inform your ISP.


If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.


You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:


http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml


SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:


http://macscan.securemac.com/


First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - macsec@securemac.com


The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.


(Note that a 30 day trial version of MacScan can be downloaded free of charge from:


http://macscan.securemac.com/buy/


and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

Jan 25, 2012 6:04 AM in response to Klaus1

Klaus, I haven't heard of any recent infections. This was from 2009 and only resulted from downloading pirated versions of iWork or Photoshop CS4 from Torrent sites. If the OP hasn't done that -- and I'm not even sure this is possible any longer -- then I wonder if this isn't a false alarm?


iServices trojan, OSX.Trojan.iServices.A and OSX.Trojan.iServices.B


Do you have any evidence this Trojan is still circulating, or circulating in some other form? Are you, perhaps, being unnecessarily alarming?

Jan 25, 2012 6:15 AM in response to Klaus1

Much more likely a spammer got a hold of the email address and is using that spoofed on a PC botnet. Doesn't mean the computer has been hacked. But if the Address Book has been stolen by someone sniffing the Mail ID and Password, best to change those ASAP.


Don't know if Apple ever fixed this.


http://www.cultofmac.com/52169/safari-exploit-allows-address-book-data-to-be-easily-stolen-through-autofill/


Message was edited by: WZZZ
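
The spoofed-versus-compromised question raised in the post above can usually be settled from the full headers of one of the spam messages, as received by a contact. The following is an added example, not part of the original thread; the sample headers, the `example.net` provider domain and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not from the thread). example.net stands in for the
# sender's mail provider; all IP addresses are documentation ranges.
SPOOFED = """\
Authentication-Results: inbox.friend.example; spf=fail smtp.mailfrom=example.net; dkim=none
Received: from unknown (HELO pc-1234) (203.0.113.7)
\tby mx.friend.example; Wed, 25 Jan 2012 02:09:58 -0500
From: Wife <wife@example.net>
Subject: check this out

(body omitted)
"""
SENT_VIA_ACCOUNT = """\
Authentication-Results: inbox.friend.example; spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net
Received: from smtp.example.net (smtp.example.net [192.0.2.25])
\tby mx.friend.example; Wed, 25 Jan 2012 02:09:58 -0500
Received: from [203.0.113.7] (authenticated user wife@example.net)
\tby smtp.example.net with ESMTPSA; Wed, 25 Jan 2012 02:09:57 -0500
From: Wife <wife@example.net>
Subject: check this out

(body omitted)
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts stamped by the receiving server."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text, re.I)}

def classify(raw, provider_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = auth_results(msg)
    # Each hop prepends a Received header, so the last one is the first hop.
    # It can be forged, so it only counts when SPF or DKIM also passed.
    hops = msg.get_all("Received", [])
    m = re.search(r"\bby\s+([\w.-]+)", " ".join(hops[-1].split())) if hops else None
    first_by = m.group(1).lower() if m else ""
    via_provider = first_by == provider_domain or first_by.endswith("." + provider_domain)
    passed = "pass" in (res.get("spf"), res.get("dkim"))
    if from_domain == provider_domain and via_provider and passed:
        return "sent-through-account"  # someone logged in: change the password
    if res.get("spf") in ("fail", "softfail") or not via_provider:
        return "spoofed"               # forged From; the account was not used
    return "inconclusive"
```

Only an `Authentication-Results` header added by the recipient's own mail server should be trusted; one carried in from upstream can be forged like any other header.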

Jan 25, 2012 11:12 PM in response to WZZZ

WZZZ wrote:


Much more likely a spammer got a hold of the email address and is using that spoofed on a PC botnet. Doesn't mean the computer has been hacked. But if the Address Book has been stolen by someone sniffing the Mail ID and Password, best to change those ASAP.

Yes, the fact that people she knows are getting emails would indicate that they have access to her email server where they can harvest addresses of those she has sent to. Some e-mail servers have the contact list on the server, as well. Changing the password is definitely in order.

Don't know if Apple ever fixed this.


http://www.cultofmac.com/52169/safari-exploit-allows-address-book-data-to-be-easily-stolen-through-autofill/

I don't know either as there was no announcement and Jeremiah hasn't updated his assertions in over a year. I would think that would only work against the user's Address Book page from the description.


I've had AutoFill turned off since September 2010, so I turned it back on and went to the proof of concept page where it no longer finds anything, so maybe they did fix it. Guess I should try to ask Jeremiah about it.

Feb 1, 2012 2:45 AM in response to MadMacs0

All,


Thanks for the thorough discussion on this topic.


I am having the same issue right now. I haven't logged into email (except on my iPhone) for several days, and yesterday I apparently started spamming my contacts. My ISP (Brighthouse networks) is claiming I have a virus and I need to fix this on my end as they have software that prevents this sort of thing (so claimed the chatroom tech who had a very poor command of English). I am doing a complete system scan using SOPHOS and so far (about 75% done as I write this) have found nothing. Not that I expected a Mac to have a virus, but better safe than sorry.


If I read this string correctly, if I change my email password I should be ok? No need to delete the account and open a new one?
