Old Jan 16, 2013, 02:14 PM   #1
petalino
macrumors regular
 
Join Date: Nov 2010
My girlfriend's MacBook Air is sending out spam ads

My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?
Can anyone help?

Thanks in advance
petalino is offline   0 Reply With Quote
Old Jan 16, 2013, 02:24 PM   #2
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by petalino View Post
did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?
This. Change the password immediately to something stronger, and unique to that service.
chrfr is offline   0 Reply With Quote
Old Jan 16, 2013, 02:39 PM   #3
petalino
Thread Starter
macrumors regular
 
Join Date: Nov 2010
I already told her this and she just did it.

I am not sure however if someone really stole her password.
Isn't it malware that nests itself on her computer and starts sending out Spam using her email account when she logs in even with a new password?

Quote:
Originally Posted by chrfr View Post
This. Change the password immediately to something stronger, and unique to that service.
petalino is offline   0 Reply With Quote
Old Jan 16, 2013, 03:13 PM   #4
fat jez
macrumors 65816
 
Join Date: Jun 2010
Location: Glasgow, UK
It could equally be one of her friends who has her email address in her contact book and who has a virus (unlikely if the mails are in her sent folder). I can set a reply address of whatever I want and send mail through my mail server.

It could also be that she has logged into her account through another PC which had a key logger running and which snagged her password and login name.

As others said, get her to change her password to something secure (mix of letters, numbers and punctuation). I'd say it's unlikely to be something on her Mac, Mac malware is pretty rare.
__________________
'11 MBP 2.3GHz 16GB RAM 240GB SSD 15" Anti-Glare screen OS X 10.9.2
iPhone 5S 64GB
iPad Air 32GB
fat jez is online now   0 Reply With Quote
Old Jan 16, 2013, 03:23 PM   #5
kaielement
macrumors 6502a
 
Join Date: Dec 2010
In most cases just changing the password should solve the issue. I had something like this happen a few years back. Never found out how it started but changing my password fixed the issue.
__________________
2012 11" MacBook Air, 2007 White MacBook, 16gb iPhone 5, 16gb iPhone 5s, 32gb iPad Air, 160gb iPod Classic, 8gb 6th Gen Nano, 20gb 2nd Gen iPod, 40gb 3rd Gen iPod
kaielement is offline   0 Reply With Quote
Old Jan 16, 2013, 04:38 PM   #6
cambookpro
macrumors 68040
 
Join Date: Feb 2010
Location: Berks, England
Would be really, really surprised if it was some malware doing it. As others said, change the password and she should be fine.
cambookpro is offline   0 Reply With Quote
Old Jan 16, 2013, 04:41 PM   #7
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by petalino View Post
I already told her this and she just did it.

I am not sure however if someone really stole her password.
Isn't it malware that nests itself on her computer and starts sending out Spam using her email account when she logs in even with a new password?
It's not malware. Her email account was hacked, which has nothing to do with her computer. That could happen even if she didn't own a computer. Make sure all passwords are long and complex, using special characters, numbers and upper and lower case letters.
Mac Virus/Malware FAQ
GGJstudios is offline   0 Reply With Quote
Old Jan 17, 2013, 05:37 AM   #8
Mr. Retrofire
macrumors 601
 
Join Date: Mar 2010
Location: www.emiliana.cl
Quote:
Originally Posted by chrfr View Post
This. Change the password immediately to something stronger, and unique to that service.
He/she should also change the answers to the security question(s), which e-mail providers use to reset the account password. The answers should be random strings, 32 characters long or longer. He/she should NOT store the security answers to the security questions on the computer.
__________________

“Only the dead have seen the end of the war.”
-- Plato --
Mr. Retrofire is offline   0 Reply With Quote
Old Jan 17, 2013, 06:43 AM   #9
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: email contacts...

Quote:
Originally Posted by petalino View Post
My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?
Can anyone help?

Thanks in advance
Hi petalino,

Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...

The reason I ask is because an email hack has been making the rounds where the email malware contains code to send a victim's Contacts to about five different servers around the world. Depending upon whether the victim's email account is set to automatically execute code in emails (and I believe Yahoo email does so by default), the victim may not even have needed to click on anything in the email malware; simply opening the email would be enough to trigger the execution of the code to upload the Contacts. These other servers then send email to those contacts making it appear that the emails (spoofed) were from the victim. But they aren't, they originate from those servers ...

So, once the victim's Contacts have been uploaded, there is little or nothing that you can do to stop the subsequent Spam, except contact your contacts yourself and explain what has happened.

Good luck,
Switon
switon is offline   0 Reply With Quote
Old Jan 17, 2013, 08:15 AM   #10
Bear
macrumors G3
 
Join Date: Jul 2002
Location: Sol III - Terra
Quote:
Originally Posted by switon View Post
...
Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...
...
If it's in the Yahoo sent folder, it doesn't have to be from her computer, it could be from anyone using her Yahoo account.

Quote:
Originally Posted by petalino View Post
My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.
...
A lot of Yahoo accounts have been hacked in the past year. Changing the password and security questions is the way to go. And also make sure that any additional email addresses associated with the Yahoo account are hers.

It's in all likelihood not her computer.
__________________
-----Bear
Bear is offline   0 Reply With Quote
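
Posts #4, #9 and #10 turn on one question: was the spam sent through the account itself, or only spoofed with her address in the From line? The following is an added example, not part of any post in the thread, showing how a contact who received a copy could check this from the Authentication-Results header stamped by their own mail server. All hostnames and addresses are constructed placeholders, and the alignment rule is simplified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def classify(raw: str, trusted_authserv: str) -> str:
    """Classify a received copy of the spam by its Authentication-Results.

    Only headers stamped by our own receiving server (trusted_authserv) count;
    a sender can prepend forged Authentication-Results headers of its own.
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(value.split()).lower().partition(";")
        if authserv.strip() != trusted_authserv.lower():
            continue
        passed = re.findall(r"dkim=pass[^;]*?header\.d=([\w.-]+)", results)
        passed += re.findall(
            r"spf=pass[^;]*?smtp\.mailfrom=(?:[^\s;@]+@)?([\w.-]+)", results)
        # Simplified alignment: authenticated domain equals the From domain
        # or is a subdomain of it.
        if from_domain and any(
                d == from_domain or d.endswith("." + from_domain) for d in passed):
            return "sent-through-provider"   # account or session was used
    return "spoofed-or-unverified"           # From line alone proves nothing

# Constructed sample messages (not real traffic); all names are placeholders.
ACCOUNT_SENT = (
    "Authentication-Results: mx.recipient.example;\n"
    " dkim=pass header.d=webmail.example; spf=pass smtp.mailfrom=victim@webmail.example\n"
    "From: Victim <victim@webmail.example>\nSubject: ad\n\nbody\n")
SPOOFED = (
    "Authentication-Results: mx.recipient.example;\n"
    " spf=pass smtp.mailfrom=bounce@bulk.example; dkim=none\n"
    "From: Victim <victim@webmail.example>\nSubject: ad\n\nbody\n")
FORGED_HEADER = (
    "Authentication-Results: mx.sender.example; dkim=pass header.d=webmail.example\n"
    "From: Victim <victim@webmail.example>\nSubject: ad\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("account", ACCOUNT_SENT), ("spoofed", SPOOFED),
                      ("forged header", FORGED_HEADER)]:
        print(name, "->", classify(raw, "mx.recipient.example"))
```

A "sent-through-provider" result points to the account or a logged-in session having been used, so password and recovery settings need changing; "spoofed-or-unverified" fits the case where only the contact list leaked.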
Old Jan 20, 2013, 08:42 PM   #11
CarreraGuy
macrumors regular
 
Join Date: Jan 2013
If this was a CSRF, this *shouldn't* happen anymore according to Yahoo. Yahoo email was susceptible to Cross Site Request Forgery; this happens when you visit a "questionable site" like I did when I tried to watch a live NFL game online.

I had two tabbed browsers open: my logged in Yahoo email session and the site in question. The questionable site used JavaScript to send out emails on my behalf while I was logged in to my Yahoo email. In this case they didn't need to know my password since I was already logged in, but I changed it anyway.

If this is what happened to you it shouldn't happen anymore. And if she visits sites with a large amount of ads I would disable JavaScript - Google "NoScript", it's a handy browser plugin utility.
CarreraGuy is offline   0 Reply With Quote
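
Why a cross-site request like the one described in post #11 succeeds without the password, and what a webmail server checks to refuse it: an added example, not part of the thread and not Yahoo's code. The handlers, session store, origins and request dictionaries are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)            # per-deployment secret
MAIL_ORIGIN = "https://mail.example"            # placeholder webmail origin
SESSIONS = {"sess-123": "victim@mail.example"}  # constructed session store

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in pages served by MAIL_ORIGIN."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def vulnerable_send(request: dict) -> int:
    # Trusts the session cookie alone. The browser attaches that cookie to
    # requests triggered by any open tab, so a forged request is accepted.
    return 200 if request["cookies"].get("session") in SESSIONS else 401

def hardened_send(request: dict) -> int:
    session_id = request["cookies"].get("session")
    if session_id not in SESSIONS:
        return 401
    # 1. Reject state-changing requests that declare a foreign Origin.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != MAIL_ORIGIN:
        return 403
    # 2. Require the per-session token, which another site cannot read.
    supplied = request["form"].get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    return 200 if hmac.compare_digest(supplied, expected) else 403

# Constructed requests: the user's own compose form, and a request fired by
# script on another site while the webmail tab is still logged in.
LEGITIMATE = {
    "cookies": {"session": "sess-123"},
    "headers": {"Origin": MAIL_ORIGIN},
    "form": {"to": "friend@mail.example", "body": "hi",
             "csrf_token": issue_csrf_token("sess-123")},
}
CROSS_SITE = {
    "cookies": {"session": "sess-123"},         # attached by the browser
    "headers": {"Origin": "https://stream.example"},
    "form": {"to": "friend@mail.example", "body": "ad"},
}
NO_ORIGIN_NO_TOKEN = {**CROSS_SITE, "headers": {}}  # older browser, no Origin

if __name__ == "__main__":
    for name, req in [("legitimate", LEGITIMATE), ("cross-site", CROSS_SITE),
                      ("no Origin header", NO_ORIGIN_NO_TOKEN)]:
        print(name, vulnerable_send(req), hardened_send(req))
```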
Old Jan 29, 2013, 08:34 PM   #12
USAntigoon
macrumors newbie
 
Join Date: Feb 2008
Location: Great Lakes, MI
Yahoo email hacking

Quote:
Originally Posted by petalino View Post
My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?

Can anyone help?

Thanks in advance
I had the same thing happening to me by clicking on a link in an email from a friend (lesson learned now..).. From what I understand (I am not an iMac geek) this link, once clicked open, triggered the following events.. It found a way back via the cookies (holding your log in info for the Yahoo pop server) into your Yahoo account and hijacked your "contacts" which you have in the account (not the iMac contacts). This contact list was used to send the malware URL to your contacts.. I checked this via the "sent" tab on the Yahoo server.. and found these malicious emails.. I didn't find them in the "sent" folder of my Safari mailer..
I deleted that "contact" list for my yahoo accounts and changed the PW..
Still don't understand why my famous Intego VirusBarrier 2013 did not detect that..
Also did a full scan with Intego and found nothing..

----------

Quote:
Originally Posted by switon View Post
Hi petalino,

Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...

The reason I ask is because an email hack has been making the rounds where the email malware contains code to send a victim's Contacts to about five different servers around the world. Depending upon whether the victim's email account is set to automatically execute code in emails (and I believe Yahoo email does so by default), the victim may not even have needed to click on anything in the email malware; simply opening the email would be enough to trigger the execution of the code to upload the Contacts. These other servers then send email to those contacts making it appear that the emails (spoofed) were from the victim. But they aren't, they originate from those servers ...

So, once the victim's Contacts have been uploaded, there is little or nothing that you can do to stop the subsequent Spam, except contact your contacts yourself and explain what has happened.

Good luck,
Switon

Makes a lot of sense....that is in line with what I experienced, as outlined in my previous post.. Thanks for sharing..
USAntigoon is offline   0 Reply With Quote
Old Feb 6, 2013, 09:27 PM   #13
USAntigoon
macrumors newbie
 
Join Date: Feb 2008
Location: Great Lakes, MI
Intego VirusBarrier 2013

Earlier in the year I upgraded my VirusBarrier X6 to the new "fancy" 2013 version.. I got zapped with that malware which got the cookie info etc.. VirusBarrier is worthless.. Come to find out that the 2013 version is a "chopped down" version of the VirusBarrier X6... All these guys seem to love cutting corners..
Will look into something else now..
USAntigoon is offline   1 Reply With Quote
Old Feb 6, 2013, 10:31 PM   #14
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by USAntigoon View Post
Earlier in the year I upgraded my VirusBarrier X6 to the new "fancy" 2013 version.. I got zapped with that malware which got the cookie info etc.. VirusBarrier is worthless.. Come to find out that the 2013 version is a "chopped down" version of the VirusBarrier X6... All these guys seem to love cutting corners..
Will look into something else now..
3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link. Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
GGJstudios is offline   0 Reply With Quote
