
pbfiddler

macrumors newbie
Original poster
May 3, 2010
My apologies--I know there must be a better place to post than in Community but since Macs don't generally have issues with viruses....
I'm unfortunately not a Mac user--work supplied computer, and it is Windows 7.
I've been receiving numerous (as in 40 or 50) emails in the last few days "from" a colleague who is on a Mac that are obviously not from him, with viral links.
I'm not really sure how this happens on a Mac, or how I can stop receiving/he can stop the emails from being sent. His ISP appears to be AOL.
He's not particularly computer savvy (he has difficulty opening attachments, etc), and when I called him, his response was that since it is a Mac he doesn't think it's from him. I don't think he's checked into it any further, assuming that it has nothing to do with him. But I'm still being overwhelmed with emails "from" him (or someone spoofing his email at any rate)
Any thoughts as to what is happening and how to handle it?
Thanks so much!
pbfiddler, wishing she were on mac! :)
 
There's a lot of variables at play here. You need to look at the headers of the emails and check where they are actually coming from. They may not be from him or his Mac at all.

They could be from someone else in your office who is on a Windows box and got compromised and it's using that person's address book to spread spam spoofing To: and From: fields from it.
 
There's a lot of variables at play here. You need to look at the headers of the emails and check where they are actually coming from. They may not be from him or his Mac at all.

They could be from someone else in your office who is on a Windows box and got compromised and it's using that person's address book to spread spam spoofing To: and From: fields from it.

Hmm..I work out of my home, am the only paid employee for a small nonprofit.

I've been permanently deleting them once they come in, so when I receive the next one I'll compare the full headers against an email that is from him.

Given that it's only my computer, I'm unsure...plus I was getting these emails from him before I did a clean reinstall on my system, and continue to receive them since the reinstall as well (compatibility issues with 32 bit software and a 64 bit computer)

How might AOL figure into this?

Thanks,
Renee
 
Basically, they're probably e-mails being sent from a "bot-net" and disguised to look like they're coming from your friend's AOL account. How much AOL has to do with the problem, I'm not really sure (I have an AOL e-mail account, which I never use, and I've never had any problems with it nor been accused of sending spam from it).

I'm not really sure what can be done. Contacting AOL's support might help, but it's pretty unlikely. Your friend may want to consider closing the account down and/or starting a new account with a different e-mail address, but this probably won't stop the e-mails from being sent to you using the spam address. At least, though, this way, you can spam filter the e-mails from his/her old account.
 
AOL is just like pretty much any other Mail server- you can view it on the web or use a local Mail client to access your messages. Just because you are getting e-mail messages from his account doesn't mean that they are being sent from his Mac- this is very unlikely. Depending on the headers his account might have been compromised, though.
 
It's an AOL problem. Tell him to abandon AOL like the rest of the world.

AOL is just like pretty much any other Mail server

So semi-OT, but I'm curious about this part... I remember in the "old days" why people hated AOL. But in this kind of spamming, which most likely is coming from somewhere else on the internet using spoofed accounts, is there still a way in which AOL in particular is contributing to the problem? (I have noticed that a lot of spam also seems to come from ... possibly spoofed? Yahoo accounts.)
 
It is really more about identifying the host(s) that sent/forwarded the email than the perceived source via the From: field. I'm guessing it's very unlikely to actually have come from AOL and more likely to have come from someone's zombified Windows box.
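[Added example, not part of any post in this thread] The header check suggested above, sketched in Python: find the Received hop where the message entered the recipient's own mail provider and compare that host with the domain in From:. The sample message, all hostnames and the `trusted_suffix` parameter are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): From: claims aol.com, but the
# Received chain shows the mail was handed over by an unrelated host.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 3 May 2010 10:00:05 -0400
Received: from dsl-host.isp.example (dsl-host.isp.example [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Mon, 3 May 2010 10:00:03 -0400
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=aol.com
From: "Colleague" <colleague@aol.com>
To: user@recipient.example
Subject: check this out

http://link.invalid/
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def handoff_hop(msg, trusted_suffix):
    """Newest hop written by our provider about a host outside it."""
    for raw in msg.get_all("Received", []):  # headers are newest first
        m = RECEIVED_RE.search(raw)
        if (m and m["by"].lower().endswith(trusted_suffix)
                and not m["helo"].lower().endswith(trusted_suffix)):
            return {"host": m["rdns"] or m["helo"], "ip": m["ip"]}
    return None  # older hops are sender-supplied and can be forged

def analyze(raw_message, trusted_suffix):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = handoff_hop(msg, trusted_suffix)
    # Only believe an Authentication-Results header stamped by our own server.
    auth = msg.get("Authentication-Results", "")
    ours = auth.split(";")[0].strip().lower().endswith(trusted_suffix)
    spf = re.search(r"\bspf=(\w+)", auth) if ours else None
    return {
        "from_domain": from_domain,
        "sending_host": hop["host"] if hop else None,
        "sending_ip": hop["ip"] if hop else None,
        "host_matches_from": bool(hop) and hop["host"].lower().endswith("." + from_domain),
        "spf": spf.group(1) if spf else "none",
    }
```

Call it as `analyze(raw_text, ".recipient.example")`, passing the full source of a suspect message and the domain suffix of your own mail provider's servers.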
 
But in this kind of spamming, which most likely is coming from somewhere else on the internet using spoofed accounts, is there still a way in which AOL in particular is contributing to the problem? (I have noticed that a lot of spam also seems to come from ... possibly spoofed? Yahoo accounts.)

I don't know the details, but the answer is certainly lax security measures. I too notice lots of spammish-type messages from Yahoo accounts, as well as AOL, hotmail, and pretty much every other free e-mail service. Interestingly I don't get as much pure "spoofed" spam messages from GMail addresses, but several times I've gotten messages on my Gmail account(s) that I shouldn't have gotten: my Gmail address is something like myaddress@gmail, but I get messages addressed to my.address@gmail (for example).
 
I get email like this claiming to be from my friends with hotmail all the time. They don't necessarily have to have their machine compromised. It's likely a spammer at one point hacked their account and stole their contact list.
 
Google ignores full stops in email addresses. If you have myaddress@gmail.com you also have m.y.add.ress@gmail.com and any similar.

Well that's good to know, and extremely annoying. No offense to the Whitehurst Rec Kickball league, but my dues are not overdue thank you very much :p

I get email like this claiming to be from my friends with hotmail all the time. They don't necessarily have to have their machine compromised. It's likely a spammer at one point hacked their account and stole their contact list.

That's not the situation. The e-mails appear to be coming from the friend's exact e-mail address, not claiming to be a friend in the body of the message.
 
Does that email address get used for things like MSN Messenger accounts? A lot of the time that seems to be where virus emails come from.
 
miles01110 said:
That's not the situation. The e-mails appear to be coming from the friend's exact e-mail address, not claiming to be a friend in the body of the message.

Did I mention anything about the body of the message?
 
No, but you won't be able to reproduce the situation at hand simply by stealing a contact list, as I stated before. Think about it, or maybe go back and read the original post.

Why not? This used to happen all the time with Outlook. A person's Winbox gets compromised, the contact list gets grabbed, and the remailer starts sending out spams to people on the contact list from people on the contact list.

EDIT: Oh, I see.. I went back and re-read. It's HIGHLY unlikely that a computer was physically compromised simply to steal a contact list. Much more likely that it was an automated malware functionality.
 