Internet email spam and virus protection for Macs

Discussion in 'Mac Basics and Help' started by mrsotter, Aug 29, 2008.

  1. mrsotter macrumors newbie

    Aug 28, 2008
    Rome, Italy

    I am a new Mac user (first Mac purchased June 2008, Macbook 4.1) and am hoping to get some advice from some experienced Mac/tech folks on how to deal with what I assume is a virus/spam issue.

    Yesterday, my internet-based email account (yahoo) sent out a spam message from my account. I did not construct, write or receive the email prior to it being sent out. It went out to everyone in my address book.

    The message’s subject line read “good mood good shopping” and encouraged recipients to go to a website to buy electronics. Needless to say, people were not thrilled to get such spam from me. In addition to sending out this email, whatever caused it wiped out my entire email address book in yahoo.

    I no longer have any of the email addresses of my contacts. I have had the account since 1998 (!) so you can imagine the frustration of losing all that information. Fortunately, I do have most of them in other spots, but as I travel and live abroad, it is very handy to have an internet-based account with all those addresses, accessible wherever I am.

    I should mention that the mailing occurred while I was away from the computer, but while I remained logged into the yahoo account. No one could have had physical access to the computer itself, as it was in a locked apartment. But I wonder if somehow remaining logged in, and on-line, left me vulnerable for this? I also have the Microsoft Office suite on my computer; I need it for my work. I know these programs can be targets as well.

    I immediately changed the password on my yahoo account, deleted all the emails related to the message (I received a couple of copies as I had my own email address in my address book), and tried to contact those folks whose email addresses I could recall to warn them to delete. I also switched to a gmail account.

    I contacted yahoo, but unsurprisingly they could not offer much in the way of explanation or suggestions on how to prevent/rectify the situation.

    I also contacted Mac Support and ran tests on my hard drive to see if there was any damage. According to the tests we ran, my computer looks fine. While I am grateful for that, I am still concerned that I have not completely eliminated the problem.

    I have read the forum discussions debating the utility of installing an antivirus program on Macs, and understand the generally low to nonexistent level of risk of viruses for Macs. However, given what has happened, I am not sure how to proceed. Part of why I switched to Mac was its generally low virus risk, and now I feel very vulnerable indeed. If it wasn’t a virus, what exactly was it that did this?

    I don’t open any dodgy websites and never open mail I don’t recognize; after 12 years of PC use, I am pretty well trained to avoid junk, so I doubt that it came in that way.

    All this background is to ask the following questions and ask for any advice on how to deal with this situation.

    1) Any idea on how this could have happened? Was it a virus/worm/trojan? Was it because I had my internet open? Is it possible to have a virus infect an email account, but not the computer itself?

    2) What additional steps should I take to mitigate the damage and further prevent this type of thing from happening in the future?

    3) If I invest in anti-virus protection software for my Mac, which one should I use/buy/download? Any recommendations/reviews/suggestions on where to get more information?

    Thanks for your help and time. I have found reading the forums very useful and hope someone has ideas for me.


  2. jsgrabo macrumors regular

    Feb 12, 2007
    1) It probably happened because you were sent to a website that posed as Yahoo asking you to log in, in which case your email/password were "phished".

    2) As far as viruses/trojans go, you don't have to do anything. I've been on Macs for ~12 years now and never installed any kind of anti-virus or anti-spyware software. Nothing to worry about there. As far as spam goes, your operating system pretty much has nothing to do with it. That's all done through email. Just be careful whom you give your email address to.
  3. GGJstudios macrumors Westmere


    May 16, 2008
    While not impossible, it's extremely unlikely that you have any sort of virus/trojan issue with your Mac. What is VERY likely is that someone hacked your Yahoo account, which happens quite frequently. If that is the case, it would have happened whether you were running Mac OS X or Windows or Linux.... your hardware and software have nothing to do with the security (or lack thereof) of Yahoo's mail system.
  4. mrsotter thread starter macrumors newbie

    Aug 28, 2008
    Rome, Italy
    Thanks for the info. Much appreciated.

    And thanks for reassuring me that I don't need anti-virus. This was one of the reasons I wanted to get away from PCs, so the thought of adding it was annoying me. I will make sure to better protect my internet mail accounts, and pray this was a one-off experience.

  5. Sherman Homan macrumors 6502

    Oct 27, 2006
    The above posters have it right. There are no viruses to worry about. It is possible to put anyone's account in the "reply to..." field without hacking your account. There is a possibility that someone did hack your account, so log into it and change the password to something really hard to break!
  6. Scepticalscribe Contributor


    Jul 29, 2008
    The Far Horizon
    I'm always glad to see this discussed on the forum, because, like the OP, it was one of the chief reasons I became a switcher. As a recent switcher, having come from the world of Windows where I was deluged daily with spam, and other unwelcome visitors - despite having invested in a pretty robust anti-virus/anti-spam/spyware/adware package (McAfee, for the record) which did reduce the daily tidal wave considerably - this is a matter of continuing concern to me, and one that I am very aware of.

    Others on the forum very kindly reassured me that virus attacks were exceptionally unusual on Mac, and recommended an anti-spam package for Mac (Spamsieve) which I now have. I still receive spam - but now it's binned, as Spamsieve - and my altered filter settings - also bin some of the legitimate news sources I subscribe to, which means checking Junk as well as my Inbox daily. A small price to pay for online security, in my view.
    Cheers and good luck
  7. operator207 macrumors 6502

    Jul 24, 2007
    It sounds like you need to train Spamsieve in regards to "false positives". I do not use Spamsieve; I use SpamAssassin on my mail server, so I could not tell you how to do it, but a simple Google search shows that it is possible to train Spamsieve. If you can, do it, so you stop getting the false positives you're referring to in your second-to-last sentence.

    For SpamAssassin, it took quite a bit of training on some of the emails I would get, since they were auto-generated emails from Network/Systems Monitoring software and had odd formatting.

    To the OP: Change your Yahoo Password! :)
  8. Scepticalscribe Contributor


    Jul 29, 2008
    The Far Horizon
    Thanks to operator207 for the advice. Having been recommended SpamSieve, (by kind souls on this forum) I downloaded the free 30 day trial version; is there any difference quality wise between SpamSieve and SpamAssassin (the name alone inspires enormous confidence)? If one is demonstrably better than the other, I'd happily purchase it.

    When I was in the world of Windows, I couldn't believe the vast numbers of people who would not buy protection packages; many did nothing, whereas others downloaded free software. To my mind, a decent package for around €50-60 meant that for the price of a euro a week, one ensured the best possible online protection for a computer.

    Training of the software sounds interesting. Have you any idea how one might go about doing it? I have transferred some of the news periodicals I subscribe to into my Inbox daily, but that does not seem to work the next day. (Incidentally, Spamsieve also thinks that MR belongs to the Junk folder, along with some of my subscriptions, so, this past week, I have spent some time in the Junk folder).

    I forgot to welcome the OP, mrsotter, to the forum and to the world of Mac, thus, apologies for that, and belated welcomes to you.

  9. operator207 macrumors 6502

    Jul 24, 2007
    SpamAssassin is free. But it's not as user friendly as Spamsieve. It's really designed to run on the mail server, but can be run on a workstation.
    I have not tried it that way as my mail server runs it for me.

    I do not want to hijack this thread, so I will not go further into this subject unless the OP asks for it. Make a thread with your questions, I will be happy to answer anything I can. However, my experience is running it on a server, not as a service on a workstation.
  10. mrsotter thread starter macrumors newbie

    Aug 28, 2008
    Rome, Italy
    Please, hijack the thread! This discussion is really interesting.

    And thanks for the warm welcome folks.
  11. operator207 macrumors 6502

    Jul 24, 2007
    To train SpamSieve take a look here:

    Select your email client, and follow the instructions.

    As for training SpamAssassin, there are multiple ways. One is dedicating an email address on the server that the only email it receives is spam, and telling SpamAssassin to train off that. Or you can train it with a mailbox in mbox or maildir format manually on the command line. Or you can do what I do, and have a script that runs against your "spam" folder in IMAP, does a grep for the line that says "Spam Status: No" (since it was not marked as spam, and delivered to you, but it is spam, and you put it in the spam directory) and trains off those emails. Do this once a minute, via a cron job, on a server that handles ~30k of mail a day, and it works; much bigger and you will start to have issues.

    I was a mail admin for an ISP (the commercial customers' side of the ISP, not residential customers; that was handled by someone else), so I spent many a day working to improve spam filtering.

    As an admin, I prefer to have the spam filtering done on the server. Less bandwidth used, and it allows all users on that server to train off each other's spam. Its downside is that you have users that signed up for the Dell newsletter, but marked it as spam. Some users want that newsletter, and it's a fight to get that mail or not if your filters are global. If you do it on the workstation side, you're wasting more bandwidth by downloading the spam. But you're doing the filtering there, so you do not have to worry about the global filter problem.

    You can run user filters on the server, and that is what I do for my server: train them globally, with ~50k of spam and ~30k of ham (legit email), and you then split them into user filters. Also, using blocklists as part of your filtering is a good way to increase your accuracy. Just do not weigh it too high in the config.

    The head mail admin I got my "chops" from always said that spam filtering on a scale like this (our servers were processing ~1k of mail a minute in early 2001) is easy, you just have to think 4th dimensionally. I think he liked Doc Brown from Back to the Future too much. ;)

    I am not sure how much I have helped any, or just confused the **** out of everyone. If you have any questions (like WTF are you smoking ;), just ask.
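
The cron-driven retraining described in post 11, sketched as an added example (not code from the thread or from the SpamAssassin project). It assumes the spam folder is stored as a Maildir on the server, that the marker is SpamAssassin's `X-Spam-Status` header, and that `sa-learn` is on the PATH; the function names, the `LEARN_CMD` override and the cron path are hypothetical.

```shell
#!/bin/sh
# Added example: find missed spam (false negatives) in a Maildir "spam"
# folder and feed it to sa-learn. Paths and names are assumptions.

# Print only the header block (everything up to the first blank line).
headers_of() {
    sed '/^$/q' "$1"
}

# True when the headers say SpamAssassin scored the message as ham,
# i.e. it was delivered normally and the user later filed it as spam.
# Matching headers only avoids selecting mail whose body quotes the header.
is_missed_spam() {
    headers_of "$1" | grep -qi '^X-Spam-Status:[[:space:]]*No'
}

# List missed-spam files under the cur/ and new/ directories of a Maildir.
list_missed_spam() {
    for f in "$1"/cur/* "$1"/new/*; do
        [ -f "$f" ] || continue
        if is_missed_spam "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Train on each selected message. Set LEARN_CMD=echo for a dry run.
train_missed_spam() {
    list_missed_spam "$1" | while IFS= read -r msg; do
        ${LEARN_CMD:-sa-learn --spam} "$msg" </dev/null
    done
}

# Run only when a Maildir path is given, e.g. from a once-a-minute cron job:
#   * * * * * /usr/local/bin/train-spam.sh "$HOME/Maildir/.Spam"
if [ -n "${1:-}" ]; then
    train_missed_spam "$1"
fi
```

Messages already tagged `X-Spam-Status: Yes` are skipped, so only mail the filter got wrong is used for training.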
