I opened an email file from UPS and discovered it was a fraudulant email. Now I am concerned that there could be malware on my mac pro. Has anyone tried Eset anti virus software? Does it work?
MacBook Pro (15-inch Mid 2009), Mac OS X (10.7.4)
Just opening email doesn't do any damage. Installing (anti)virus software can.
Yes, thanks for your response and I know opening the email won' t do any harm but I opened the attached file because I happen to be expecting a UPS delivery. The email really looked legit so I didn't t think twice about. So I take it that you haven' t use desert or any other security programs. Anyone else have any experience?
You are fine if you didn't install anything.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
If an email download images if allowed and using html, I would suspect even opening email, yes. And definitely never allow an attachment to open... pdf or jpeg have been, unless you are really sure. I don't think UPS uses attachments.
UPS and some merchants like Amazon do allow setting up and sending text messages and to confirm it was delivered to your mobile phone or tablet.
Apple's take on phishing from Klaus1 link:
http://support.apple.com/kb/HT4933
No software can protect a user from their own behavior and 'socially engineered' exploits to get someone to trust that it is say UPS, or Apple iTunes (very popular but usually flawed giveaways somewhere in the email).
I don't know if it is Apple not providing enough API guidelines or what that 3rd party is often such a disaster and unable to provide security packages that work and work with the operating systems.
ClamXav might work. Thomas A. Reed has his own guidelines and FAQ on the subject.
ddravis99 wrote:
Yes, thanks for your response and I know opening the email won' t do any harm but I opened the attached file because I happen to be expecting a UPS delivery.
What happened when you opened the attachment? All the Trojan's that I'm aware of are disguised as "Receipts" are Windows only.
When I opened the email which was from Quantum view UPS, it provided a file at the bottom of the page. When I clicked on the html file I was taken to a web page with a hyper linked tracking number on it. When I clicked on the hyper link it took me to a blank web page. I am concerned that may have opened my computer up to some trojan or other malware and am trying to find a SAFE way to determine if that is the case, without making things worse than they already are. I have contacted UPS and they told me this is a fraudulant email and not from them. I did a quick Google search on fraudulant UPS emails and sure enough they had an image similar to the email I received. That google page suggested that malware may have been included with this email and to run a scan as soon as possible. Any help you can offer would be appreciated.
ddravis99 wrote:
When I opened the email which was from Quantum view UPS, it provided a file at the bottom of the page. When I clicked on the html file I was taken to a web page with a hyper linked tracking number on it. When I clicked on the hyper link it took me to a blank web page. I am concerned that may have opened my computer up to some trojan or other malware
There is no currently known possibility of infection as long as your software is fully up-to-date. Your profile says you are running OS X 10.7.4 which is one update behind, so I hope that's wrong. Beside 10.7.5 and subsequent Security Updates, the other important updates in this case are Java, if you previously installed it. Apple recently issued the following guidance to Java users:
To help limit exposure to potential Java web app vulnerabilities, try to follow this best practice:
1. Enable Java in your web browser only when you need to run a Java web app.
2. Confine your web browser only to the websites that need the Java web app. Do not open any other websites while the Java web plug-in is enabled.
3. When you are done, disable the Java web plug-in. See How to disable the Java web plug-in in Safari.
Further, the only Trojans that match this description are being targeted against small groups (e.g. Tibetan sympathizers).
...am trying to find a SAFE way to determine if that is the case, without making things worse than they already are. I have contacted UPS and they told me this is a fraudulant email and not from them. I did a quick Google search on fraudulant UPS emails and sure enough they had an image similar to the email I received. That google page suggested that malware may have been included with this email and to run a scan as soon as possible.
All that guidance is for Windows users.
If it will make you feel any better, go ahead an use one of the scanners recommended already by others. Since it involves e-mail, there are some precautions you need to take if you find something, so if you do return here before taking any action to quarantine or delete a file as you could damage a mailbox index in the process.
If you decide to try ClamXav, use the ClamXav Forum for any information or assistance you require.
You are probably fine, but opening the attachment was a big no-no. Although there's no known Mac malware being distributed this way, there is Mac malware being used in targeted attacks, and we don't yet know how that's being distributed. So, we can't really guarantee you anything.
ESET works fine, according to the results of my testing back in January:
http://www.thesafemac.com/mac-anti-virus-testing-01-2013/
However, I would recommend something a little less intrusive for this purpose. Get a copy of VirusBarrier Express or Dr. Web Light from the App Store. (I'd give the edge to VirusBarrier Express, based on recent events where VirusBarrier detected new Mac malware before anyone else.) Both are free, and both can do a manual scan, but neither will destabilize your machine thanks to the limitations Apple imposes on App Store apps. You can run a scan to reassure yourself.
If anti-virus software does find anything, don't be immediately alarmed. It's probably Windows malware, just sitting inertly on your hard drive. Post here and give us the exact malware names given by the anti-virus software and we can tell you if it's something to worry about.
BTW, this FedEx/UPS scam is a very common one. Those companies will never send you an attachment to open. In general, if you're not expecting an attachment or there's no reason for one, don't open it.
Finally, for more information on these topics, see my Mac Malware Guide.
Thomas A Reed wrote:
BTW, this FedEx/UPS scam is a very common one. Those companies will never send you an attachment to open. In general, if you're not expecting an attachment or there's no reason for one, don't open it.
In fact they rarely even send you an e-mail unless you specifically request one, but that is starting to change. I am now singed up with UPS Quantum View as well as the new My Choice and requested to be notified any time something has been scheduled for delivery, but still no attachments.
Thanks to all for help. Btw my Mac Pro is at 10.8.5 and I am usually pretty diligent about staying up to date. I ran a quick scan with virus barrier express but it only had definitions for 4/3/12 and I couldn't get an update. It said The server wasn't available or I wasn't connected to the internet (I was connected). Guess that's what you get for free. Anyway, it didn't find anything. Looks like there is nothing to worry about but I will be more careful. It just really frosts me that we have to be so distrusting of everything & everybody. The technology we have today is such a great thing and there is so many good things that can be done with it. If the people creating all these virus's & malware used their talents in a constructive way the technology would be safer and they would probably be getting rich from their efforts. I guess there has always been people that have used inventions of all kinds that were meant for something good and turned them into something bad. Thanks again for all the help to all that responded.
I ran a quick scan with virus barrier express but it only had definitions for 4/3/12 and I couldn't get an update. It said The server wasn't available or I wasn't connected to the internet (I was connected). Guess that's what you get for free.
Either there was something wrong with your internet connection or a temporary problem with Intego's servers. It's normally a quite quick and easy process. I just gave it a try now, and got my updates within seconds:
It just really frosts me that we have to be so distrusting of everything & everybody.
Unfortunately, that's nothing new, and probably will be something we'll have to deal with as long as there are other members of the human race in the world. People have been scamming each other for thousands of years, technology just gives them more ways to do it.
If the people creating all these virus's & malware used their talents in a constructive way the technology would be safer and they would probably be getting rich from their efforts.
You would be surprised at how difficult it can be to earn money through white-hat hacking and how easy it is to make money through malicious means. F-Secure's 2013 threat report estimates that one particular hacker (or hacker group) is making $50,000 per day from a Bitcoin-mining botnet. If you're inclined towards dishonesty and have the technical skills, that's several orders of magnitude more money than you could make with a legit job working for a security company.
I'm not saying that's the way to go, obviously... just pointing out why this sort of thing is so tempting to the scum who are willing to do it.
ddravis99 wrote:
Btw my Mac Pro is at 10.8.5 and I am usually pretty diligent about staying up to date.
Then go to the top of this page and choose "Profile" from the Your Stuff menu and change your profile so we will all know that in the future.
has anyone used eset anti virus?
