virus emails sent to .Mac account

Discussion in 'General Mac Discussion' started by garzy, Aug 27, 2003.

  1. garzy macrumors regular

    Joined:
    Dec 21, 2002
    #1
    Did anyone receive any emails containing this .pif virus in their .mac account? I got 3 emails today from addresses like @hotmail.com, @microsoft.com, and @rf.com containing what was obviously a virus. I didn't open them, as I was checking from a PC. Do I need to have concern about my account being hijacked and used to send these messages containing viruses?
     
  2. evolu macrumors regular

    Joined:
    Dec 10, 2002
    Location:
    LA la land...
    #2
  3. zimv20 macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #3
    Re: virus emails sent to .Mac account

    not necessarily. it means that there are infected computers (PCs) that have your email in the address book.

    but if you're using a PC, you should ensure you've run all your windows updates and are up-to-date on your virus protection.

    from what i understand, Norton Anti-virus, w/ LiveUpdate enabled, updates its virus definitions every 4 hours.
     
  4. garzy thread starter macrumors regular

    Joined:
    Dec 21, 2002
    #4
    But these are addresses that I have never seen, people I've never received mail from.
     
  5. Farside161 macrumors member

    Joined:
    Sep 12, 2002
    Location:
    Portland, OR
    #5
    it's called the sobig.f virus, your email was found somewhere and messages were sent from random computers to try to infect you, don't worry it won't affect your mac.
     
  6. rainman::|:| macrumors 603

    rainman::|:|

    Joined:
    Feb 2, 2002
    Location:
    iowa
    #6
    just delete them, ignore them. you can open them on a mac without problems, but it's pointless. pretend they're spam, nothing more.

    pnw
     
  7. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #7
    FYI

    FYI just in case someone gets this. You may receive e-mails from either mail servers or users saying that you sent out an e-mail with an infected file.
    Sobig is smart enough to bring its own SMTP engine with it so it can actually spoof an e-mail address such as any @mac.com address which in turn causes the recipient of the e-mail to think you sent them a virus.
    Sorry but this is a brilliant worm. Evil but brilliant.
     
  8. garzy thread starter macrumors regular

    Joined:
    Dec 21, 2002
    #8
    That is what I'm worried about! I am worried that it will mock my address and send emails to people that I have previously contacted with my .mac email account. So that can happen?
     
  9. Gus macrumors 65816

    Gus

    Joined:
    Jan 1, 2002
    Location:
    Minnesota
    #9
    My wife has received 17 of the same e-mails in the last 3 days, and she has been worried about her account infecting others also. Funny that I haven't received even one of them. Weird.

    Regards,
    Gus
     
  10. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #10

    Yep. I forgot to add one other feature this worm has. Unlike most mail worms and viruses this thing also goes through any HTML files, txt files, hlp files and a few other types in addition to your contact list in MS Lookout. So if you have a browser cache of web pages and there is a link in there it could possibly read webmaster@company.com and use that address among others.

    Unless someone pays particular attention to the headers of the e-mail and watches where the e-mail originates they could easily think it’s from you. The funky thing is that where I work people were getting e-mail from addresses that they've never even heard of simply because whoever has you in their contacts list most likely has other people/contacts/businesses that you've never even heard of. This is why this worm is causing such a major headache. It's flooding mail servers with phony e-mails and the kicker? Unless the ISP takes the time to track down the IP of where the original e-mail came from and NOT the address there is no way to warn the poor SOB who's sending out these e-mails. (Either that or start sniffing SMTP port activity on their networks for massive traffic. General rule of thumb most people aren’t running mail servers on their home puter.) Again brilliant. It doesn’t take a mastermind to think up something like this but to implement it is another matter. This worm might not have spread so fast if it wasn’t also for the fact that in addition to spreading via e-mail it uses the RPC hole that has been talked about the past few weeks. So it can not only spread to your computer but any other computer on your network and doubly repeat the above process.

    This worm is making my life a living hell with all the patches but at the same time I have a permanent smirk on my face. Anything that gives MS a black eye and possibly increases Apple’s market share is a good thing. I just wish it didn’t have to be under such harsh conditions. The only saving grace of Sobig and Blaster is that its payload, or what it actually does to the system, can be fixed without much permanent harm.
    Whoever’s been putting these things out wasn’t trying to destroy data. They were trying to wake MS and the public at large to the lack of security in Windows. Considering that this made front-page news on the Star Tribune here in MN and on the nightly news broadcast I would say mission accomplished.
     
  11. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
  12. garzy thread starter macrumors regular

    Joined:
    Dec 21, 2002
    #12
    I AM EMAILING THIS VIRUS TO OTHERS!!!!

    I am emailing this virus to others! How do i stop it?

    here is a copy of an email i received today...


    From: Mail Delivery System <Mailer-Daemon@neutron.liquidweb.com>

    To: <garzysemail@mac.com>
    Date: Fri Aug 29, 2003 02:23:39 PM EDT
    Subject: Mail delivery failed: returning message to sender





    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    andy@esioncentral.com
    This message has been rejected because it has
    a potentially executable attachment "application.pif"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <garzysemail@mac.com>
    Received: from ["my ip address here"] (helo=OKYOS)
    by neutron.liquidweb.com with esmtp (Exim 4.20)
    id 19snu6-0006QV-6Q
    for andy@esioncentral.com; Fri, 29 Aug 2003 14:23:22 -0400
    From: <garzysemail@mac.com>
    To: <andy@esioncentral.com>
    Subject: Re: That movie
    Date: Fri, 29 Aug 2003 14:23:25 --0400
    X-MailScanner: Found to be clean
    Importance: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MSMail-Priority: Normal
    X-Priority: 3 (Normal)
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="_NextPart_000_006CD166"
    Message-Id: <E19snu6-0006QV-6Q@neutron.liquidweb.com>

    This is a multipart message in MIME format

    --_NextPart_000_006CD166
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit

    See the attached file for details
    --_NextPart_000_006CD166
    Content-Type: application/octet-stream;
    name="application.pif"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="application.pif"

    ...(a bunch of numbers/letters continue from here)
     
  13. garzy thread starter macrumors regular

    Joined:
    Dec 21, 2002
    #13
    my home ip address was where i substituted "my ip address"

    how can i stop this from using my .mac account???!!

    please help

    thanks
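
The header check SiliconAddict describes in post #10, applied to a returned copy like the one in post #12, as an added example (not code from any poster). The sample text is constructed, `203.0.113.7` stands in for the redacted IP, and `triage_bounce`, `my_ips` and `reporting_server` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the returned copy in post #12.
# 203.0.113.7 is a documentation-range placeholder for the redacted client IP.
BOUNCED_COPY = """\
Return-path: <garzysemail@mac.com>
Received: from [203.0.113.7] (helo=OKYOS)
\tby neutron.liquidweb.com with esmtp (Exim 4.20)
\tid 19snu6-0006QV-6Q
\tfor andy@esioncentral.com; Fri, 29 Aug 2003 14:23:22 -0400
From: <garzysemail@mac.com>
To: <andy@esioncentral.com>
Subject: Re: That movie
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

See the attached file for details
"""


def triage_bounce(raw_copy, my_ips, reporting_server):
    """Return who really connected to reporting_server, or None if no such hop."""
    msg = message_from_string(raw_copy)
    # From and Return-path are written by the sender (here, the worm) and prove
    # nothing. The Received line stamped by the server that bounced the mail
    # records the IP that actually opened the SMTP connection.
    for hop in msg.get_all("Received", []):
        by = re.search(r"\bby\s+(\S+)", hop)
        if not by or by.group(1).lower() != reporting_server.lower():
            continue  # hop not written by the server we trust; could be forged
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", hop)
        helo = re.search(r"helo=([^\s)]+)", hop)
        client_ip = ip.group(1) if ip else None
        return {
            "claimed_from": parseaddr(msg.get("From", ""))[1],
            "client_ip": client_ip,
            "helo": helo.group(1) if helo else None,
            "sent_from_my_network": client_ip in my_ips,
        }
    return None


if __name__ == "__main__":
    # my_ips is an assumption: the public address(es) of your own connection.
    print(triage_bounce(BOUNCED_COPY, {"198.51.100.20"}, "neutron.liquidweb.com"))
```

When `sent_from_my_network` is true, a machine behind that address opened the connection and is the one to scan; when it is false, only the address was forged.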
     
  14. Rower_CPU Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #14
    garzy, if you look at SiliconAddict's posts above, you will see that Sobig can "steal" email addresses.

    Your .mac account is not infected.

    Between this, Blaster and Nachi, our campus network has been loads of fun this summer. :rolleyes:
     
  15. Schiffi macrumors 6502a

    Schiffi

    Joined:
    May 22, 2003
    Location:
    Missouri
    #15
    Yeah, and now all the windows users are using firewalls so now I can't get music off their Hard drives. grrrrrr
     
  16. Xero macrumors 6502

    Joined:
    Dec 2, 2002
    Location:
    Los Angeles
    #16
    i haven't seen a single virus in my account all summer, woohoo!:D

    ...kinda surprising to be honest
     
  17. SiliconAddict macrumors 603

    SiliconAddict

    Joined:
    Jun 19, 2003
    Location:
    Chicago, IL
    #17
    Found this on Mac OS hints:

     
  18. evolu macrumors regular

    Joined:
    Dec 10, 2002
    Location:
    LA la land...
    #18
    And the virus has a sense of humor - It signed up a friend to an anger management newsletter!

    btw - I linked the above hint in my first reply... Worked well for me.
     
