
Worm or email acct hacked?

I just discovered 15 email messages in my Sent mailbox that I didn't send. Each message is addressed to 3 different contacts from my Address Book, and each is a spammy 'make money online' type of message with a link. Each one is different but they were all sent on the same date (May 18). I have an iMac with Mac OS X Lion 10.7.4 (11E53), and am using a username@me.com email address with an iCloud mailbox that syncs to my iPhone 4S. There haven't been any more mystery messages since May 18th.


Does this sound like a worm or is it more likely that my me.com email account has been hacked?


Any advice on what I can do to prevent this from happening again?


I appreciate any advice/suggestions you can share. 😀

iMac, Mac OS X (10.7.4)

Posted on May 30, 2012 3:28 PM

Question marked as Best reply

Posted on May 30, 2012 4:09 PM

Hello, tough to tell, they may even be spoofed, even the Date. In Mail, view the long Headers and look for IPs, like Received: from & Received: by...


Still, to be safe change your MobileMe password.
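Added example, not part of the original reply: one way to read the Received: from / Received: by chain from a message's raw source and compare the relay timestamps with the Date header, which the sender sets freely. The sample message, host names and addresses are constructed placeholders; hops recorded before the first server you trust can themselves be forged.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample (not from the thread); hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbox.example.org with ESMTP id abc123;
\tFri, 18 May 2012 10:02:11 -0700
Received: from [192.168.1.10] (unknown [198.51.100.7])
\tby mx.example.net with ESMTPSA id def456;
\tFri, 18 May 2012 10:02:05 -0700
Date: Thu, 17 May 2012 09:00:00 -0700
From: username@example.org
To: contact@example.com
Subject: constructed sample

body
"""

BRACKETED = re.compile(r"\[([0-9.]+)\]")

def _valid_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def _stamp(text):
    try:
        return parsedate_to_datetime(text)
    except (TypeError, ValueError):
        return None  # header missing or timestamp not parseable

def received_hops(raw):
    """Return relay hops oldest-first: bracketed IPs, 'by' host, timestamp."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        hops.append({"ips": [ip for ip in BRACKETED.findall(flat) if _valid_ip(ip)],
                     "by": by.group(1).rstrip(";") if by else None,
                     "when": _stamp(flat.rsplit(";", 1)[-1].strip())})
    return hops

def date_skew_seconds(raw):
    """Seconds between the claimed Date header and the first relay's stamp."""
    claimed = _stamp(message_from_string(raw)["Date"])
    hops = received_hops(raw)
    if claimed is None or not hops or hops[0]["when"] is None:
        return None
    return (hops[0]["when"] - claimed).total_seconds()
```

A large skew between Date and the first relay stamp, or a first hop from a network you never use, is the kind of detail the long headers expose; a message with no Received lines at all returns an empty hop list.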

16 replies

May 30, 2012 8:43 PM in response to BDAqua

I've downloaded ClamXAV and just finished scanning my hard drive. ClamXAV detected three infections:


14650.partial.emlx - Heuristics.Phishing.Email.SpoofedDomain

14587.emlx - HTML.Nimda

14649.emlx - HTML.Nimda


Engine version: 0.97.4

Scanned directories: 97922

Scanned files: 381234

Infected files: 3

Total errors: 347

Data scanned: 25799.14 MB

Data read: 32270.41 MB (ratio 0.80:1)

Time: 2605.539 sec (43 m 25 s)



I've quarantined the files and have also changed my MobileMe password (and chose one that is strong this time!).


I hope I'm clean and clear now 😕


Thank you very much for all your help!

May 30, 2012 9:32 PM in response to kelbc2007

I took a look at the infected files and all 3 were phishing schemes notifying me that my PayPal account was about to be closed. I didn't act on any of them and had deleted them as soon as I received them, so they must have been in my Trash. Would they somehow be related to the 15 messages I found in my Sent box that I didn't send, or is this an unrelated type of malware?


Do you recommend that I download and run Sophos in addition to ClamXAV, or would that just be redundant?


Thanks again!

May 30, 2012 11:17 PM in response to BDAqua

BDAqua wrote:


I do think that is where/why those 15 messages went out, haven't found out how it works yet...

Just curious on what your theory is on this? There was a flurry of iCloud related hacks with identical MOs about a week ago, but they seem to have stopped. I am not understanding how those phishing attempts that were not acted on could have resulted in a hacked e-mail account.


I've got Little Snitch and I'm fairly certain it would not have helped with something like this, although I do highly recommend it for other issues.

May 31, 2012 9:59 AM in response to MadMacs0

Hi, I have a vague theory of how it might work, but I'm wondering with the small number of instances, I wonder if it wasn't a single attack, (or very few), somewhere else along the line first that got them into the WebMail site, it'd be interesting to find out the passwords that were broken to see if maybe it was just a dictionary attack possibly, or how many of these attacked people used Windows or MS SW, especially Outlook or Word, how many had unsuspected popups that Mail needed a password, & such things, what sites were being visited, (though they could change any of that fast enough).


I hesitate to post plausible attack vectors/methods on a public site... don't want to give the bad guys any new ideas in case they hadn't thought of them yet. 😉
