My first virus HELP!




brobson
Sep 8, 2004, 09:25 PM
I got an email with the title:
Returned mail: Data format error

"Dear user
We have found that your email account has been used to send a large amount of junk e-mail during the last week.
Probably, your computer was infected by a recent virus and now contains a trojaned proxy server.

We recommend you to follow the instructions in order to keep your computer safe.

Have a nice day,
aol.com user support team."

I very stupidly downloaded an attachment called aol.com.mim

Now I am getting 4 messages saying:

To: <jjensen@1800pharmacy.com>
Subject: Re:
Date: Wed, 08 Sep 2004 18:18:30 +0000

Problem: Virus found
MIME type: application/octet-stream
File name: Cat.com
Virus name: W32/Bagle.ai@MM
Antivirus: McAfee Scanning Engine (4389/4.3.20)

All invalid attachments of the message were deleted and the message was
delivered to the recipient.

And an email from www.newpicturesloginmemebers.biz
and someone cursing me inside.

What do I do!?!?!
Brenda
Mac OSX
333 imac 256/60 HD



iLikeMyiMac
Sep 8, 2004, 09:28 PM
Perhaps you had a windows attachment that was infected with a virus.

Mudbug
Sep 8, 2004, 09:42 PM
see if this helps: http://www.grisoft.com/us/us_remtext.php?id=bagbugnet

jsw
Sep 8, 2004, 09:42 PM
Is this on a PC?

Because it shouldn't be an issue with Mac mail unless you forward an infected email to someone else - then the virus can get forwarded.

angelneo
Sep 8, 2004, 09:51 PM
It could be that your email was hijacked by spammers? It's really easy to spoof other people's email identity. I have not used AOL email before so I am not sure how high this possibility is.
Are you using your Mac to check your email? If you are, I don't think that virus can infect a Mac.

Mudbug
Sep 8, 2004, 10:02 PM
If this is in fact on your mac, you can stop worrying because it's just a spoof. If it's a PC that you infected, then run the program in the link I gave you before. http://www.grisoft.com/us/us_remtext.php?id=bagbugnet

MisterMe
Sep 8, 2004, 10:36 PM
I got an email with the title:
Returned mail: Data format error

"Dear user
We have found that your email account has been used to send a large amount of junk e-mail during the last week.
Probably, your computer was infected by a recent virus and now contains a trojaned proxy server.

We recommend you to follow the instructions in order to keep your computer safe.

Have a nice day,
aol.com user support team."

I very stupidly downloaded an attachment called aol.com.mim

Now I am getting 4 messages saying:

To: <jjensen@1800pharmacy.com>
Subject: Re:
Date: Wed, 08 Sep 2004 18:18:30 +0000

Problem: Virus found
MIME type: application/octet-stream
File name: Cat.com
Virus name: W32/Bagle.ai@MM
Antivirus: McAfee Scanning Engine (4389/4.3.20)

All invalid attachments of the message were deleted and the message was
delivered to the recipient.

And an email from www.newpicturesloginmemebers.biz
and someone cursing me inside.

What do I do!?!?!
Brenda
Mac OSX
333 imac 256/60 HD

This is a well known hoax. It has been around for months. This thing spoofs your email address and your ISP. Now remember this: There are no Mac viruses. If there is ever a Mac virus, you will not be its first victim. If you ever get another email which claims that you have a virus, just ignore it. If you are afraid to ignore it, don't do anything silly. Post a copy of the scary correspondence here and someone will help you. In the meantime, if you are a .mac subscriber, install Virex. Otherwise, buy and install Virex, Norton, or another antiviral utility.

brobson
Sep 9, 2004, 12:19 PM
Thanks everyone!! It is so nice to have a place to turn. Every time I got on live with apple tech, my computer froze.
Looking forward to my G5!
I guess I should put the Norton software on first? before I transfer my harddrive to the new imac?
Brenda

brobson
Sep 9, 2004, 12:21 PM
I really should use the preview button before I push send. I meant to say AOL live tech support froze, not apple.
Thanks again

bostonwhaler1
Sep 9, 2004, 12:47 PM
Norton tends to cause more problems than it solves. As far as a disk utility is concerned, the Mac Disk Utility in OS X is more than enough for most users. If you really want virus protection, get Virex, as mentioned above. If you're concerned about something on your current iMac "infecting" your new iMac, don't be. You don't have a virus, so there's nothing to worry about. Just link the two via firewire and transfer away!

Enjoy the new iMac, I'm jealous! :)

brobson
Sep 9, 2004, 05:51 PM

varmit
Sep 9, 2004, 08:06 PM
I really should use the preview button before I push send. I meant to say AOL live tech support froze, not apple.
Thanks again

you know there is an edit button, where you can change what you posted or put more in it.

edit: <-- This is to say I added to it using the edit function.

buzzfgo
Sep 11, 2004, 02:02 PM
New guy here. If you can't get a virus on a mac do you really need antivirus software?

janey
Sep 11, 2004, 02:54 PM
New guy here. If you can't get a virus on a mac do you really need antivirus software?
No. The antivirus companies just try to take advantage of Mac users who don't know better by trying to sell them antivirus software for the Mac.


If you're really worried, just think reasonably. Don't open attachments unless you know the person, make sure you have a decent alphanumeric password that you change once in a while, don't run things as root, you get the idea.

Now for a little bit of funny geeky humour, well...i find it funny lol. I found this in my apache access log. This is on my powerbook. :p

67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318

Dr. Dastardly
Sep 11, 2004, 06:08 PM
No. The antivirus companies just try to take advantage of Mac users who don't know better by trying to sell them antivirus software for the Mac.


If you're really worried, just think reasonably. Don't open attachments unless you know the person, make sure you have a decent alphanumeric password that you change once in a while, don't run things as root, you get the idea.

Now for a little bit of funny geeky humour, well...i find it funny lol. I found this in my apache access log. This is on my powerbook. :p

67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
HAHAHA this stuff cracks me up! :p

buzzfgo
Sep 11, 2004, 11:44 PM
what does all that mean?

fugeelama
Sep 12, 2004, 01:20 AM
what does all that mean?

It means that someone's pee-cee virus was trying to access critical Windows files on a Mac... something that doesn't affect us Apple owners :)
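The probes in the access log quoted above can be picked out automatically. This is an added example, not code from any poster in the thread: it parses Apache common-log lines, undoes the double percent-encoding (`%255c`), and groups requests for Windows shell binaries by client. The function names and the benign contrast line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Three lines copied from the access log quoted in the thread, plus one
# constructed benign request (documentation address 192.0.2.10) for contrast.
SAMPLE_LOG = """\
67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
192.0.2.10 - - [04/Sep/2004:23:31:00 -0700] "GET /index.html HTTP/1.0" 200 1043
"""

# Apache common log format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
WINDOWS_SHELL = re.compile(r"(?:^|/)(?:cmd|root)\.exe$", re.IGNORECASE)


def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so %255c -> %5c -> backslash is fully undone."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(target):
    """Return the reasons a request target looks like an IIS-style probe."""
    raw_path = target.split("?", 1)[0]
    path = fully_decode(raw_path).replace("\\", "/")
    reasons = []
    if WINDOWS_SHELL.search(path):
        reasons.append("windows-shell-binary")
    if ".." in path.split("/"):
        reasons.append("directory-traversal")
    if unquote(unquote(raw_path)) != unquote(raw_path):
        reasons.append("double-encoding")
    return reasons


def summarize(log_text):
    """Group flagged requests by client address."""
    report = defaultdict(lambda: {"hits": 0, "reasons": set(), "statuses": set()})
    for line in log_text.splitlines():
        match = CLF.match(line.strip())
        if not match:
            continue
        host, _method, target, status = match.groups()
        reasons = classify(target)
        if reasons:
            entry = report[host]
            entry["hits"] += 1
            entry["reasons"].update(reasons)
            entry["statuses"].add(status)
    return dict(report)


if __name__ == "__main__":
    for host, entry in summarize(SAMPLE_LOG).items():
        print(host, entry["hits"], sorted(entry["reasons"]), sorted(entry["statuses"]))
```

Every flagged request in the sample was answered with 404, which is what a server without those files returns; a flagged request with any other status is the one worth investigating.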

buzzfgo
Sep 12, 2004, 07:49 AM
Stupid PC...... :)

Les Kern
Sep 12, 2004, 08:53 AM
Ten bucks says the mail system is from Kerio.
We get dozens of those a day, and it spoofs. Often times it says "from the mchs tech team". Our users are pretty wise now that we told them about the virus warnings and capabilities of Kerio Mail Server. (An EXCELLENT product by the way)
Kerio has the ability to either silently delete the mail, or send the message stripped of the virus. I decided to "send" since we have a few users with an old Melissa virus infecting some of their Word files. Macs can carry, and Melissa DOES affect the Mac by opening as read only, and forcing you to "disable macros". Doing a virus scan then locking the "normal template" will stop further Mac infection. (Or getting rid of Word altogether, which is my dream!)
Bottom line: the virus writer has forced you to waste time and worry for nothing!

7on
Sep 12, 2004, 10:53 AM
New guy here. If you can't get a virus on a mac do you really need antivirus software?

Some people think it's necessary because you can get let's say a humorous picture from Uncle Bob in an email. You want to forward this picture to others, however, you didn't notice the "2 Attachments" thing in Mail. You send it, affecting PCs. Of course you need common sense to be able to notice a weird .pif attachment doesn't belong in a mail message - something which anti-virus owners lack.

King Cobra
Sep 12, 2004, 11:18 AM
Sometimes it's fun to get the most bizarre email messages:


From: "Bounced mail" <my isp>
Date: July 29, 2004 6:41:29 PM EDT
To: ----
Subject: DELIVERY REPORTS ABOUT YOUR E-MAIL



Then have a text attachment at the bottom saying that my ISP deleted the following virus from the email using Norton Antivirus:


Norton AntiVirus removed the attachment: TRANSCRIPT.SCR.

The attachment was infected with the W32.Mydoom.M@mm virus.


Makes you feel right at [127.0.0.1] sometimes.

MisterMe
Sep 12, 2004, 02:54 PM
Some people think it's necessary because you can get let's say a humorous picture from Uncle Bob in an email. You want to forward this picture to others, however, you didn't notice the "2 Attachments" thing in Mail. You send it, affecting PCs. Of course you need common sense to be able to notice a weird .pif attachment doesn't belong in a mail message - something which anti-virus owners lack.

Do you have any evidence--much less, proof--that people who use antivirus software lack common sense?

big
Sep 12, 2004, 04:15 PM
There are no Mac viruses



The computer virus problem is much less prevalent under the Unix platform, but that does not at all mean it is nonexistent. Unix viruses (though very few) do exist. Additionally, some of the oldest worms are UNIX based! If you consider your data important, you need to accept these facts.
(http://www.claymania.com/unix-viruses.html)

http://www.iwar.org.uk/comsec/resources/plausibility.htm

brobson
Sep 15, 2004, 08:41 PM
Well whatever it was, AOL shut me down.
Someone apparently got my password so I had to get them on the phone to even check my email! Only a 25 min wait to change my password!
anyway here's what one message board on AOL for Mac said:

X-WinProxy-AntiVirus: Removed W32/Bagle.AW.worm

The same thing has been happening to me and the above is what it says in the scan. >>

The Bagle/Beagle family does not infect Macs. You got the warning because the infection on someone's Windoze box spoofed your email address. Here is probably more than you wanted to know.

The Bagle family of Trojans/worms has gone entirely through the alphabet with variants, and most of the way through a second time. These all infect Windows 95 and more recent releases of Windows. They do not infect Macintosh, Linux or Unix. In fact, there are more Bagle variants than there are Macintosh trojans - total.

Different Antivirus software companies use somewhat different names for the same family or for variants within the same family. A search on McAfee's Windows side turned up 64 records matching "W32/Bagle". http://us.mcafee.com/virusInfo/default.asp?id=alphar

Symantec calls the entire family "Beagle" instead of Bagle. A typical description is at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html (for Beagle.AO) or here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html for Beagle (Bagle) AP.

Bagle.AW may be something that McAfee and Symantec assigned a different letter suffix. OR it may be something that has so far only appeared in Eastern Europe. A Google search for "Bagle.AW" turned up a lot of posts in what appears to be Polish. http://www.idg.pl/ftp/pc_2905/Szczepionki.G.DATA.Software.Sp.z.o.o..W32.Netsky.A.T..W32.Bagle.A.W..html

At any event, your Mac cannot be infected by any known Bagle or Beagle worms. All of these Windows worms spoof email addresses, so that bounces and Mailer Daemon warnings go to the spoofed address, not to the infected computer.

Yikes that's a lot of words.
Brenda :confused: :eek:

Baron58
Sep 15, 2004, 09:32 PM
Makes you feel right at [127.0.0.1] sometimes.


mmm... what you meant to say was "Makes you feel right at ~ sometimes"

King Cobra
Sep 15, 2004, 09:42 PM
Interesting, it seems that for the first time ever, a live virus attachment reached my (FastMail) inbox.

Date: Wed, 15 Sep 2004 11:19 AM
From: ed@membled.com
Subject: Mail Authentication

Protected message is attached.

Attachment file: encrypted_msg01.zip (40k)

Now if I open the .zip file, I get this file: data.rtf[followed by 71 spaces].scr
Typical windows virus message. Stay alert nevertheless, and report them straight to whichever government agencies investigate senders of viruses.
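The file name described in the post above (a document extension, a long run of spaces, then `.scr`) can be caught by inspecting archive member names before anything is extracted. This is an added example, not code from the thread: the extension lists, function names and the in-memory sample archive (which holds only harmless placeholder text) are assumptions made for the illustration.

```python
import io
import re
import zipfile

# Extensions Windows treats as executable; .scr, .pif and .com all appear in the thread.
EXECUTABLE_EXT = {".scr", ".pif", ".com", ".exe", ".bat", ".cmd"}
# Document-like extensions commonly used as the visible decoy (assumed list).
DECOY_EXT = {".rtf", ".doc", ".txt", ".jpg", ".pdf", ".mp3"}
PADDING = re.compile(r"\s{3,}")


def inspect_name(name):
    """Return a sorted list of reasons an attachment file name is deceptive."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        return []
    ext = "." + ext.strip().lower()
    if ext not in EXECUTABLE_EXT:
        return []
    reasons = {"executable-extension"}
    # A run of spaces pushes the real extension out of the visible column.
    if PADDING.search(stem):
        reasons.add("whitespace-padding")
    inner = stem.rstrip()
    inner_ext = "." + inner.rpartition(".")[2].lower() if "." in inner else ""
    if inner_ext in DECOY_EXT:
        reasons.add("decoy-double-extension")
    return sorted(reasons)


def scan_zip(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its reasons.

    Only the member list is read; nothing is extracted or executed.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            reasons = inspect_name(member)
            if reasons:
                findings[member] = reasons
    return findings


def build_sample():
    """Constructed archive mimicking the naming trick, with placeholder content."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("data.rtf" + " " * 71 + ".scr", b"harmless placeholder")
        archive.writestr("readme.txt", b"harmless placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample()).items():
        print(repr(member), reasons)
```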

big
Sep 15, 2004, 09:44 PM
During 9.2 and a short stint using ICQ, I did have a trojan infect my Mac, and overnight, a few hundred thousand emails had been sent out using my email..... it was scary, and sad, and I was mad for a short time. Though I got over it, and never used that program again!

Baron58
Sep 15, 2004, 09:54 PM
At any event, your Mac cannot be infected by any known Bagle or Beagle worms. All of these Windows worms spoof email addresses, so that bounces and Mailer Daemon warnings go to the spoofed address, not to the infected computer.

Yikes that's a lot of words.
Brenda :confused: :eek:


Then let's simplify it:

1. You can NOT be infected by ANY Windows-specific virus on Mac OS X.

2. Virtually all of these recent virus/worm/trojan (yes, they are different things) outbreaks work in a similar manner:
a. Victim must be running Windows
b. Victim must be using MS Outlook or MS Outlook Express for email
c. Victim frequently must be using MS Internet Explorer for browser
d. Virus exploits vulnerabilities in IE AND Outlook AND Windows to infect that machine.
e. Virus goes through the Victim's address book in Outlook/Outlook Express/Windows, and sends itself TO people in the address book pretending to be FROM someone ELSE in the address book.

3. People running virus scanners on mailservers (as I do) may have them set up to auto-notify the sender if a virus is discovered (I used to do this, but no longer). Back when infected documents sent as attachments were the primary means of virus propagation, this worked well -- it told people what the problem was so that they could clean up their act and know why their mail did not go through. For the last 2 or more years, however, this notification has caused more problems than it's solved, because the notification goes to who the infected mail PRETENDS to be from, not the actual victim.

4. Therefore, the victim here is someone who has you in their address book. The virus with which they are infected (a bagle variant) sent itself TO other people pretending to be FROM you, which led to the chain of events which you experienced.

5. Your AOL password being compromised is a different matter.

There are NO viruses for OS X.

Do you take weekly doses of chloroquine, pyrimethamine or halofantrin to prevent malaria? Why not? A mosquito infected with malaria *may* find its way to you, so be prepared! Smart if you live in Africa or South America, dumb if you live in North America or Europe. The risk approaches zero, so the drugs are a waste.

IF any virus risk appears for OS X, then antivirus software (Sophos is the best) would be appropriate. Since there are NO viruses for OS X, don't worry about it.

big
Sep 15, 2004, 10:09 PM
Please don't be so blind, just because you love Apple so much....

Intego has posted a security alert warning Mac OS X users that a new trojan horse virus appears to be able to execute on a Mac.
This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks. (http://its.southwestern.edu/kbs/archives/2004/04/000188.php)

Baron58
Sep 15, 2004, 11:52 PM
Please don't be so blind, just because you love Apple so much....


Don't patronise me, and be sure you know what you're talking about before posting links to discredited stories. The thing mentioned in that link was proof-of-concept trojan (not a virus) that was never 'in the wild'. It was largely hype by Intego: (link to Wired article on the topic) (http://www.wired.com/news/mac/0,2125,63000,00.html?tw=newsletter_topstories_html)

When you have 15 years of serious systems/security administration and IT management experience across 4 OS platforms, get back to me. I'm sure you'll be better equipped to discuss this topic then.

I stand by everything in my previous post. If the original poster of this thread has any questions, I'll be glad to discuss them.

MacFan26
Sep 16, 2004, 03:07 AM
Intego has posted a security alert warning Mac OS X users that a new trojan horse virus appears to be able to execute on a Mac.
This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file . While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks. (http://its.southwestern.edu/kbs/archives/2004/04/000188.php)
Yeah, I also thought that those were all false. I remember the threads on how Intego fabricated a lot of that to get people to buy their software. I don't think anyone here is being blinded.

big
Sep 16, 2004, 07:30 AM
FINE FINE FINE, you win
there are no UNIX viruses.., never will be, never have been. You guys can all go stick your head in the sand. I will not be back. We're dealing with a hurricane anyways. Man, I remember when we could discuss issues on this board without everyone getting so pissy