
Heuristics.Phishing.Email.SpoofedDomain FOUND

Comcast sent me an email saying one of my computers was infected with a bot. And I have been getting a lot of Junk email lately. So I ran ClamXav and scanned my User Folder. The scan came up with one infected file in a deleted email folder / Heuristics.Phishing.Email.SpoofedDomain FOUND


Should I simply Secure Trash the file and I guess I should see if the file still exists on the server level.



iMac (21.5-inch Late 2009), OS X Mountain Lion (10.8.2), Airport, iPhone, iPad, Apple TV2

Posted on Mar 27, 2013 6:03 AM

Question marked as Best reply

Posted on Mar 27, 2013 9:10 AM

Joe Gramm wrote:


Comcast sent me an email saying one of my computers was infected with a bot. And I have been getting a lot of Junk email lately. So I ran ClamXav and scanned my User Folder. The scan came up with one infected file in a deleted email folder / Heuristics.Phishing.Email.SpoofedDomain FOUND


Should I simply Secure Trash the file and I guess I should see if the file still exists on the server level.

No! All you need to do for this one is to go back to your Mail app and empty the "Deleted Messages" mailbox since you have apparently already decided it's not something you need.


Normally, I would tell you to read any e-mail that has the word Heuristics in the infection name, since this is only a warning that something about the format of the e-mail is suspicious. It did not match a specific signature of a known phishing attempt so the scanner is simply guessing.


Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.


So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.


When possibly infected e-mail files are found:

Highlight the entry in the ClamXav window's top pane that needs to be dealt with.

Right-click/Control-click on the entry.

Select "Reveal In Finder" from the pop-up menu.

When the window opens, double-click on the file to open the message in your e-mail client application.

Read the message and if you agree that it is junk/spam/phishing then use the e-mail client's delete button to delete it (reading it is especially important when the word "Heuristics" appears in the infection name).

If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.


As far as Comcast is concerned, ask them for details as there are currently no known "bots" that impact OS X.

38 replies

Mar 28, 2013 12:04 PM in response to Joe Gramm

Joe Gramm wrote:


Linc Davis wrote:


The Comcast email is a scam. Either ignore it or report it to your state Attorney General as the fraud that it is.

I will report this.

Since you've decided to take things to this level, I need to mention that I've heard from more than one Comcast user that they have had Constant Guard for several years and have never had to pay Symantec to renew their subscriptions. I probably should have mentioned it when Linc brought it up, but didn't feel it was that important and have no personal experience beyond getting the warning e-mail that you got and have never been moved to try it out. I will admit to pestering Comcast for years when they only offered it to the Windows community, so I feel partially responsible for their adoption of a Norton solution for Mac subscribers.

Mar 28, 2013 1:21 PM in response to MadMacs0

MadMacs0


Comcast took over ATT broadband in my area years ago, they initially offered McAfee as a solution (if I remember correctly) then McAfee's ratings took a hit and they brought in Norton as a standalone "comcast protection tool". A lot of people were happy with the 360 based firewall/av solution. Some time after that they introduced Constant Guard which is a layered security (password based, backup with a toolbar) to work in conjunction with Norton.


I believe the Comcast tool bar was around between McAfee and Norton as a side thought.


People received notifications of Constant Guard (which was sep and distinct) initially, but Comcast at a later point in time bundled them up together as a "packaged solution" (you can still do Norton standalone for Mac or Win if you find the right spot - last time I looked) but if I remember correctly, it was less the BOT aspect initially.


Then one day, the news started shouting "bot, bot, bot" do you have a bot and lo and behold BOT protection and I believe the support aspect from Comcast appeared around the same time.


Then people received that email about the infection "bot" from Comcast a little later, during a bot scare, if I remember correctly.


This is not 100% perfect, but it's an idea of what happened, the rollout dates are Comcast's (but it's kind of what I remember, if that helps).


Norton is better than McAfee 🙂 so the solution must have been good

Mar 29, 2013 4:25 AM in response to TildeBee

For me the point about the emails is this: Do not send me the same generic email you are sending to all your customers telling them their computers are infected and need to take action NOW, when in fact I have no such infection with any of the computers on my Network.


The other issue is they provide no direct contact for you to get any specific information about your account. I was on the phone for one hour the other day, being shuffled thru three phone numbers and various menus just to get to someone that could even verify Comcast sent the email to me. And then that person had no way of telling me which computers had the bot or on what part of my Network.


The fact that Constant Guard does not cost anything is also not the issue. The issue is "Take Action Now".

Comcast is scaring people into installing Constant Guard whether they need it or not.


Maybe I'm overreacting 😕
