Is there a spambot hiding on my Mac?

Discussion in 'Mac Basics and Help' started by orvn, Oct 24, 2012.

  1. orvn macrumors 6502

    Joined:
    Jan 11, 2011
    Location:
    Toronto, Canada
    #1
    My Facebook account appears to be sending SPAM links via message to groups of friends. Note the sample screenshot below from a friend's account.

    I'm wondering if the culprit is a SPAM bot on my Mac. How could I test for this?


    * * *​

    Details:

    I'm a really cautious internet user.

    I don't click on suspicious URLs, my Firefox add-ons are all very reputable, and I went into my Facebook right away, changed my password and blocked every app except those from major publishers.

    A day later the SPAM links were sent out again.

    I can't actually see the SPAM messages I'm sending out within Facebook (to groups of 6 friends at a time), but I get email notifications in Gmail that contain any message I send or receive.

    One of the links that I'm SPAMMing out appears as follows:

    Code:
    http://facebook.com/l.php?u=http://roobyjotero.com/wp-content/plugins/creatives.php?uowc
    This "roobyjotero.com" appears to be an older WordPress install that has been compromised. Several pages on this site redirect to the target SPAM domain.

    [​IMG]
     
  2. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #2
    Clear your browser's cache and cookies.
    If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?
     
  3. orvn thread starter macrumors 6502

    Joined:
    Jan 11, 2011
    Location:
    Toronto, Canada
    #3
    Okay, I set my router up with OpenDNS.

    Used to use it, but I stopped some time ago because I didn't like their "website unavailable" search page.

    Anyways, they do malware reporting, right? Hopefully I find something.

    Any other tips?
     
  4. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #4
    Follow the recommendations in the "What security steps should I take?" section of the following:

    Mac Virus/Malware FAQ
     
  5. BrianBaughn macrumors 601

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #5
    I'm not certain what you mean here. Facebook messages are being sent from your Facebook account to other Facebook users? If that is so, then disconnect your computer from the internet for an extended time. If these messages continue to go out, as I suspect they will, then it has nothing to do with your computer. If they stop, then resume once you have connected, then it's a possibility you have a rogue Facebook-Message-Sending-Bot lurking on your Mac.
     
  6. orvn thread starter macrumors 6502

    Joined:
    Jan 11, 2011
    Location:
    Toronto, Canada
    #6
    They definitely only occur when my machine is connected. Sorry, that's something I ought to have mentioned in my original post.

    Yes, hence the thread.

    The issue is that I can't find the bot. Any ideas? Tried ClamXAV. Contemplating the new Avast! for OS X.
     
  7. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #7
    Unless you installed it yourself or let someone else install it, it's extremely unlikely that you have any spambot or other malware on your Mac.
     
  8. orvn thread starter macrumors 6502

    Joined:
    Jan 11, 2011
    Location:
    Toronto, Canada
    #8
    It appears to only distribute the SPAM when I'm logged in to Facebook and have a tab open. Ideas? Could be a Firefox issue, but I have no rogue add-ons.
     
  9. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #9
    The JavaScript Blocker extension on Safari or the NoScript extension for Firefox allows control over what JavaScripts can run on a site. You might try that to block any unwanted scripts.
     
  10. hanten, Oct 25, 2012
    Last edited: Oct 25, 2012

    hanten macrumors newbie

    Joined:
    Oct 25, 2012
    #10
    Having the same problem

    I'm having the same problem with my FB account and trying to find any answers. It's been going on for three days. Same kind of links - weird blogs with "creatives.php" at the end.

    I do not have a Mac, but I use FB on my iPad, iPhone 5 and home PC.

    The messages seem to go to about 8 - 10 people at a time. I only know about it because I get email notifications when one of them "leaves" the conversation.

    ----------

    Also, I do not use Firefox. Using Chrome on the PC and of course Safari on iOS 6 devices.
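
One way to check saved notification e-mails for the link pattern described in posts #1 and #10 (an added example, not code from any poster in this thread). The sample text is constructed around the one URL quoted in post #1; the list of Facebook hosts and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# File name reported in posts #1 and #10 ("creatives.php" at the end of the link).
SUSPECT_FILE = "/creatives.php"
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed set of hosts that serve the l.php redirect wrapper.
FB_HOSTS = {"facebook.com", "www.facebook.com", "l.facebook.com", "m.facebook.com"}

def unwrap(url, max_depth=3):
    """Strip Facebook l.php?u= wrappers and return the real destination URL."""
    for _ in range(max_depth):
        parts = urlsplit(url)
        if (parts.hostname or "").lower() not in FB_HOSTS or parts.path != "/l.php":
            break
        target = parse_qs(parts.query).get("u")  # parse_qs also percent-decodes
        if not target:
            break
        url = target[0]
    return url

def find_suspect_links(text):
    """Return (link as sent, destination host, destination path) for each hit."""
    hits = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,)")  # drop punctuation that trails a link in prose
        dest = urlsplit(unwrap(raw))
        if dest.path.lower().endswith(SUSPECT_FILE):
            hits.append((raw, dest.hostname, dest.path))
    return hits

# Constructed notification text: one wrapped link from post #1, two harmless ones.
SAMPLE = """You sent a message to 6 people:
http://facebook.com/l.php?u=http://roobyjotero.com/wp-content/plugins/creatives.php?uowc
Earlier message: https://www.facebook.com/l.php?u=https%3A%2F%2Fexample.org%2Fphotos
Unsubscribe at https://example.com/settings.
"""

if __name__ == "__main__":
    for sent, host, path in find_suspect_links(SAMPLE):
        print(f"suspect: {host}{path}  (sent as {sent})")
```

Listing the destination hosts this way also shows whether the messages all point at the same compromised site or at several.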
     
  11. hanten macrumors newbie

    Joined:
    Oct 25, 2012
    #11
    I should mention

    I should mention a crazy theory I have, though... This all started about the time I joined a hotel WiFi network a few days ago...
     
  12. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #12
    If you didn't use the https version of the login, which isn't the default, then someone on the network could have sniffed your login credentials.
     
  13. hanten macrumors newbie

    Joined:
    Oct 25, 2012
    #13
    I guess in my example, I use https on the web version -- and the official apps on iOS 6 devices. I changed passwords and revoked permission to every app except Spotify and I was still pushing out spam this afternoon.
     
  14. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #14
    How complex is your password?

    Upper and lower case alphabet?

    Numbers?

    And symbols?

    At least one of each with minimum length of 8 characters?
     
  15. hanten macrumors newbie

    Joined:
    Oct 25, 2012
    #15
    Yes, I use LastPass to generate secure passwords and FB is very strong. Way more than 8 characters and using all types of characters.
     
  16. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #16
    Ever log into FB from a public computer?
     
  17. hanten macrumors newbie

    Joined:
    Oct 25, 2012
    #17
    I guess I don't think it's a password problem. I've changed it three times in the last three days. I've required devices to declare themselves. I've cancelled all active sessions....
     
  18. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #18
    Maybe the Facebook web app has been compromised. It has been before.

    This would explain many users being affected without malware being involved.
     
  19. scgustin macrumors newbie

    Joined:
    Nov 2, 2012
    #19
    Any updates to this? I saw the same problem about a week ago. I changed my password several times and it didn't help - so I deactivated my Facebook account for a week.

    I just reactivated it yesterday and again today, I apparently sent out messages.

    I have uninstalled all Facebook apps, run virus/spam checkers on all computers and changed my password again multiple times. I'm totally stumped.

    :confused:
     
