Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 19, 2003, 03:32 PM   #1
D0ct0rteeth
macrumors 65816
 
D0ct0rteeth's Avatar
 
Join Date: Mar 2002
Location: Franklin, TN
Send a message via AIM to D0ct0rteeth Send a message via MSN to D0ct0rteeth Send a message via Yahoo to D0ct0rteeth Send a message via Skype™ to D0ct0rteeth
Do I Have A Mac eMail Virus??

I just received well over 100 emails in the last hour. In my actual inbox, not in my junk folder.

All are very similar and have one of three subjects along the lines of "Re: Details" and have "please see attached message" as the body.

I recognize about a third of the peoples addresses, while another third of the address' are from companies I deal with.. but not people I know.

The final third are just random address'

Any help? Please?

-Doc
__________________
http://twitter.com/c_johnson
D0ct0rteeth is offline   0 Reply With Quote
Old Aug 19, 2003, 03:38 PM   #2
Vlade
macrumors 6502a
 
Vlade's Avatar
 
Join Date: Feb 2003
Location: Meadville, PA
I wouldn't open the attachments... thats weird.
Vlade is offline   0 Reply With Quote
Old Aug 19, 2003, 03:42 PM   #3
D0ct0rteeth
Thread Starter
macrumors 65816
 
D0ct0rteeth's Avatar
 
Join Date: Mar 2002
Location: Franklin, TN
Send a message via AIM to D0ct0rteeth Send a message via MSN to D0ct0rteeth Send a message via Yahoo to D0ct0rteeth Send a message via Skype™ to D0ct0rteeth
I cant even see the attachments. It just says "see attachment for details".. but there is no attachment.

I assume3 someone else is affected and I am just in their address book?

(16 more emails while typing this )

-Doc
__________________
http://twitter.com/c_johnson
D0ct0rteeth is offline   0 Reply With Quote
Old Aug 19, 2003, 03:52 PM   #4
Chad4Mac
macrumors 6502
 
Join Date: Apr 2002
Location: Los Angeles
Info

We got one this morning and Symantec Corporate got it before anyone opened it

Are you on a domain with a bunch of PCs?

Chad4Mac
__________________
"TNT -- Today, Not Tomorrow"
"Earn your living by working -- earn your life by giving."
GLGII
Chad4Mac is offline   0 Reply With Quote
Old Aug 19, 2003, 03:57 PM   #5
D0ct0rteeth
Thread Starter
macrumors 65816
 
D0ct0rteeth's Avatar
 
Join Date: Mar 2002
Location: Franklin, TN
Send a message via AIM to D0ct0rteeth Send a message via MSN to D0ct0rteeth Send a message via Yahoo to D0ct0rteeth Send a message via Skype™ to D0ct0rteeth
Thats the little bastard.

Most of my clients run pc's.. but I am safe. We only use macs.

I was just in their address book like I hoped.

Thanks for the link Chad.

-Doc
__________________
http://twitter.com/c_johnson
D0ct0rteeth is offline   0 Reply With Quote
Old Aug 19, 2003, 03:58 PM   #6
brogers
macrumors regular
 
Join Date: Apr 2002
Location: Greensboro, NC
We are getting the exact same thing at my office in NC. We all are on Dell's. I have not checked my Macs at home though.

brogers
brogers is offline   0 Reply With Quote
Old Aug 19, 2003, 03:59 PM   #7
Powerbook G5
macrumors 68040
 
Powerbook G5's Avatar
 
Join Date: Jun 2003
Location: St Augustine, FL
Send a message via AIM to Powerbook G5 Send a message via Yahoo to Powerbook G5
So this is what we get from our newfound "Windows compatibility" in OS X...oh the joys!
__________________
iMac, therefore, iAm.
Powerbook G5 is offline   0 Reply With Quote
Old Aug 19, 2003, 04:20 PM   #8
Daveman Deluxe
macrumors 68000
 
Daveman Deluxe's Avatar
 
Join Date: Jun 2003
Location: Corvallis, Oregon
Evidently, this virus will look through temporary Internet files and get whatever email addresses it can from then, then send the email with the attachment. I've gotten a couple dozen today.

It makes sense, when you consider I'm the only one in the office who's gotten these, and I'm also the only one in the office whose email is on our company's main page (I'm the webmaster, so my email is on EVERY page).
Daveman Deluxe is offline   0 Reply With Quote
Old Aug 19, 2003, 04:26 PM   #9
Chad4Mac
macrumors 6502
 
Join Date: Apr 2002
Location: Los Angeles
Before we upgraded our network (Cisco PIX, Win 2003 Server, Symantec Corporate), I would open my emails only though my Mac, fearing that if I used Outlook, a virus would slip by and down my trading system. It really was the only way I was safe. But now that we upgraded, I tend to leave the Mac excusively to personal stuff -- no work emails and such.

I wonder how long it would take for somene to write something serious for OS X. If you think about it, now that there is credit card info stored within the OS -- through .Mac and now iTunes -- there might be a little more incentive to write some something that can retreive it.

Just a thought...

Chad4Mac
__________________
"TNT -- Today, Not Tomorrow"
"Earn your living by working -- earn your life by giving."
GLGII
Chad4Mac is offline   0 Reply With Quote
Old Aug 19, 2003, 04:29 PM   #10
snahabed
macrumors regular
 
Join Date: Sep 2002
Location: New York, NY
ive gotten a few too.

presumably these attachments arent a problem when Mail.app "caches" them or whatever it does?
snahabed is offline   0 Reply With Quote
Old Aug 19, 2003, 04:44 PM   #11
cnladd
macrumors regular
 
Join Date: Feb 2003
Location: Northridge, CA
Send a message via AIM to cnladd Send a message via Yahoo to cnladd
Quote:
Originally posted by Chad4Mac
If you think about it, now that there is credit card info stored within the OS -- through .Mac and now iTunes -- there might be a little more incentive to write some something that can retreive it.
There's no credit card information stored within the OS due to those services. They operate the way Amazon.com or most other online retailers operate: they store your credit card information on their own site and you log in with a user name and password. Automatic logins happen using cookies, again like Amazon.com or other retailers.

Both iTunes and .Mac are entirely web-based and both make extensive use of cookies.

The only credit card info stored on your system will be in any personal records that you keep on your Mac (say, in Quicken, for example.)
cnladd is offline   0 Reply With Quote
Old Aug 19, 2003, 04:48 PM   #12
cnladd
macrumors regular
 
Join Date: Feb 2003
Location: Northridge, CA
Send a message via AIM to cnladd Send a message via Yahoo to cnladd
Re: Do I Have A Mac eMail Virus??

Quote:
Originally posted by D0ct0rteeth
I just received well over 100 emails in the last hour. In my actual inbox, not in my junk folder.

All are very similar and have one of three subjects along the lines of "Re: Details" and have "please see attached message" as the body.

I recognize about a third of the peoples addresses, while another third of the address' are from companies I deal with.. but not people I know.

The final third are just random address'

Any help? Please?

-Doc
No, you don't have a Mac e-mail virus -- to date, none exist for the Mac (and it would be hard to create one.)

What you're experiencing is the result of PC users who have an e-mail virus.

An email virus spreads by sending an e-mail out to everyone in your address book with an attachment that either gets executed automatically or that the user opens (and activates) themselves.

Being on a Mac means that you're pretty much immune from spreading the virus (unless you forward those e-mails on yourself, they won't automatically be spread as they would on a PC.) Unfortunately, you're at the mercy of your PC-using friends who have you in their address books -- when they get the virus, it responds by propagating out to all their contacts, including you.

Just don't forward those messages on.

Last edited by cnladd; Aug 19, 2003 at 05:04 PM.
cnladd is offline   0 Reply With Quote
Old Aug 19, 2003, 04:55 PM   #13
TEG
macrumors 604
 
TEG's Avatar
 
Join Date: Jan 2002
Location: Langley, Washington
Send a message via ICQ to TEG Send a message via AIM to TEG Send a message via MSN to TEG Send a message via Yahoo to TEG Send a message via Skype™ to TEG
Yes its a Virus, actually there are two going around... But thankfully it only affects windows.

More:
-----
New virus alert: W32/Sobig.F-mm

Warning: dangerous new variant of “Sobig” family spreading

On 18th August 2003, MessageLabs the email security company intercepted several copies of a mass-mailing virus which were identified as W32/Sobig.F-mm. The initial copies all originated from the United States.

Name: W32/Sobig.F-mm
Number of copies intercepted so far: 1,124 (increasing rapidly)
Time & Date first Captured: 18 Aug 2003 21:04 GMT
Origin of first intercepted copy: United States
Most active country: United States (95%), Denmark (3%), Norway (1%)

Characteristics
Initial analysis would suggest that Sobig.F is a mass-emailing virus that is spreading very vigorously. Sobig.F appears to be polymorphic in nature and the email from: address is also spoofed and may not indicate the true identity of the sender. In earlier versions of the Sobig family, the file extension has sometimes been truncated. MessageLabs have not yet observed this with the Sobig.F strain.

The email may also comprise the following characteristics:
Subject: Re: Details
Text:
Please see the attached file for details.

Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, document_9446.pif

In an attempt to bypass local antivirus security, the file size varies on each generation reminiscent of Yaha by appending rubbish to the end of the file, but is on average around 74kb in size. The initial copies are packed using TELock, but there may be other variants in the wild packed using different packers.

From Messagelabs.com
-----
TEG
__________________
Apple and Dell are the only ones in this industry making money. They make it by being Wal-Mart. We make it by innovation, - Steve Jobs
The Tegian Zone-Glass Onion Radio
TEG is offline   0 Reply With Quote
Old Aug 19, 2003, 06:05 PM   #14
Chad4Mac
macrumors 6502
 
Join Date: Apr 2002
Location: Los Angeles
Quote:
Originally posted by cnladd
There's no credit card information stored within the OS due to those services. They operate the way Amazon.com or most other online retailers operate: they store your credit card information on their own site and you log in with a user name and password. Automatic logins happen using cookies, again like Amazon.com or other retailers.

Both iTunes and .Mac are entirely web-based and both make extensive use of cookies.

The only credit card info stored on your system will be in any personal records that you keep on your Mac (say, in Quicken, for example.)
I see. Thanks for the clarification

So I guess if someone were able to send a "trojan" or something like this, they would have a hard time pulling info from iTunes and .Mac, but would be able to steal info stored on your hard drive, like excel files, etc. Well, that can only be a good thing, especially now that Panther will have protected files under the FileVault app.

I just hope that we'll never have to really worry about a Mac virus in the near future....

Chad4Mac
__________________
"TNT -- Today, Not Tomorrow"
"Earn your living by working -- earn your life by giving."
GLGII
Chad4Mac is offline   0 Reply With Quote
Old Aug 19, 2003, 06:19 PM   #15
Powerbook G5
macrumors 68040
 
Powerbook G5's Avatar
 
Join Date: Jun 2003
Location: St Augustine, FL
Send a message via AIM to Powerbook G5 Send a message via Yahoo to Powerbook G5
My mom is always complaining to me about all these worms and virus after virus popping up lately...I keep telling her, they should have bought that iMac they wanted...but they insisted it would be too difficult to relearn a whole new platform and how Winows XP is supposed to be so much more stable and secure...even with anti-virus software, they've gotten a few just in the past month...
__________________
iMac, therefore, iAm.
Powerbook G5 is offline   0 Reply With Quote
Old Aug 19, 2003, 06:30 PM   #16
beefcake
macrumors 6502
 
Join Date: Jun 2003
Location: Baltimore
Send a message via AIM to beefcake
Quote:
Originally posted by Powerbook G5
My mom is always complaining to me about all these worms and virus after virus popping up lately...I keep telling her, they should have bought that iMac they wanted...but they insisted it would be too difficult to relearn a whole new platform and how Winows XP is supposed to be so much more stable and secure...even with anti-virus software, they've gotten a few just in the past month...
My Dell is side-lined and awaiting a format after getting whacked by a viruses and a worm. My Powerbook is looking better and better everyday.
beefcake is offline   0 Reply With Quote
Old Aug 19, 2003, 06:37 PM   #17
Powerbook G5
macrumors 68040
 
Powerbook G5's Avatar
 
Join Date: Jun 2003
Location: St Augustine, FL
Send a message via AIM to Powerbook G5 Send a message via Yahoo to Powerbook G5
We have the same problem...our brand new Dell is dead and I just don't feel like doing a clean format and install *again*...man, I've had my PowerBook for over 4 years and only did a clean install once when I upgraded to OS 9...and this Dell is about 6 weeks old and already on its *third* format and reinstall...
__________________
iMac, therefore, iAm.
Powerbook G5 is offline   0 Reply With Quote
Old Aug 19, 2003, 07:05 PM   #18
Horrortaxi
macrumors 68020
 
Horrortaxi's Avatar
 
Join Date: Jul 2003
Location: Los Angeles
I've gotten about 50 of those today through the account I use for my website. It's public and it's in a lot of people's address books. The messages are the typical Windows "hey, I know you, you want to read this, if you don't understand just open the attachment, haha boy are you stupid" variety of virus. They're scr and pif files so they couldn't work on a Mac--unless you ran Windows in VPC. I've said it before and I'll say it again, 5% market share is a good thing.
Horrortaxi is offline   0 Reply With Quote
Old Aug 20, 2003, 12:30 AM   #19
beefcake
macrumors 6502
 
Join Date: Jun 2003
Location: Baltimore
Send a message via AIM to beefcake
I did a fresh format, wiped the hard drive clean and even reconfigured the BIOS- still can't shake the worm. It's getting ridiculous, I wonder if I replace the hardware will the worm still haunt my desk.
beefcake is offline   0 Reply With Quote
Old Aug 20, 2003, 12:55 AM   #20
Powerbook G5
macrumors 68040
 
Powerbook G5's Avatar
 
Join Date: Jun 2003
Location: St Augustine, FL
Send a message via AIM to Powerbook G5 Send a message via Yahoo to Powerbook G5
Is your email reinfecting your system?
__________________
iMac, therefore, iAm.
Powerbook G5 is offline   0 Reply With Quote
Old Aug 20, 2003, 12:59 AM   #21
beefcake
macrumors 6502
 
Join Date: Jun 2003
Location: Baltimore
Send a message via AIM to beefcake
No email, it was all wiped out in the format. I've been able to look into the problem using my PB, and it seems that I missed a critical Windows update and its biting me in the a**.
beefcake is offline   0 Reply With Quote
Old Jan 11, 2009, 04:25 PM   #22
wanderingnomore
macrumors newbie
 
Join Date: Jan 2009
Mac Email Virus??

I too have a problem involving apparent 'spamming' by someone who is using my email. I logged into my Yahoo email account yesterday and somehow it was used to send the following email message to everyone in my contact list:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dear friend,
The 2009 is coming and all will be perfect in our life -- Studying,working ,loving & shopping .HereYou can do brilliant business also. I would like to introduce you a very good company which i knew.Their website is www.doublewin-trade.com .They can offer you all kinds of electronical products which you need like laptops ,gps ,TV LCD,cell phones,ps3,MP3/4, etc... Please take some time to have a check ,there must be somethings you 'd like to purchase or you can do business with them to ean much money.
Their contact email: doublewin_trade@vip.188.com . MSN: doublewin-trade@hotmail.com
Hope you have a good starting of the new year !
Regards
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is this a virus, or just someone was able to use my email account to send spam? Either way, how do I stop it or get rid of it? Also, what are the consequences for all the people it was sent to? I am using an iMac.

Thanks
wanderingnomore is offline   0 Reply With Quote
Old Jan 11, 2009, 04:27 PM   #23
r.j.s
Moderator emeritus
 
r.j.s's Avatar
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by wanderingnomore View Post
Is this a virus, or just someone was able to use my email account to send spam? Either way, how do I stop it or get rid of it? Also, what are the consequences for all the people it was sent to?

Thanks
Someone has stolen your password, change it now.
r.j.s is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
I think my mac as a virus PLEASE HELP houssein31 Mac Applications and Mac App Store 4 Mar 15, 2014 12:14 PM
The First Mac Virus? What do you think? Traverse OS X 10.8 Mountain Lion 6 Jun 4, 2013 05:02 PM
Virus Malware Email Spam? Jay Kayess Mac Basics and Help 2 Apr 15, 2013 05:38 PM
So my Mac just got a virus... Oral B OS X 4 Mar 10, 2013 06:25 AM
Virus on my Mac statesmire Mac Basics and Help 9 Nov 27, 2012 02:38 PM

Forum Jump

All times are GMT -5. The time now is 05:29 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC