Is there a spambot hiding on my Mac?

orvn

macrumors 6502
Original poster
Jan 11, 2011
255
0
Toronto, Canada
My Facebook account appears to be sending SPAM links via message to groups of friends. Note the sample screenshot below from a friend's account.

I'm wondering if the culprit is a SPAM bot on my Mac. How could I test for this?


* * *

Details:

I'm a really cautious internet user.

I don't click on suspicious URLs, us, my Firefox add-ons are all very reputable and I went into my Facebook right away, changed my password and blocked every app except those from major publishers.

A day later the SPAM links were sent out again.

I can't actually see the SPAM messages I'm sending out within Facebook (to groups of 6 friends at a time), but I get email notifications in Gmail that contain any message I send or receive.

One of the links that I'm SPAMMing out appears as follows:

Code:
http://facebook.com/l.php?u=http://roobyjotero.com/wp-content/plugins/creatives.php?uowc
This "roobyjotero.com" appears to be an older Wordpress install that has been compromised. Several pages on this site redirect to the target SPAM domain.

 


BrianBaughn

macrumors 604
Feb 13, 2011
6,615
1,053
Baltimore, Maryland
I'm not certain what you mean here. Facebook messages are being sent from your Facebook account to other Facebook users? If that is so, then disconnect your computer from the internet for an extended time. If these messages continue to go out, as I suspect they will, then it has nothing to do with your computer. If they stop, then resume once you have connected, then it's a possibility you have a rogue Facebook-Message-Sending-Bot lurking on your Mac.
 

orvn

macrumors 6502
Original poster
Jan 11, 2011
255
0
Toronto, Canada
> I'm not certain what you mean here. Facebook messages are being sent from your Facebook account to other Facebook users? If that is so, then disconnect your computer from the internet for an extended time. If these messages continue to go out, as I suspect they will, then it has nothing to do with your computer.

They definitely only occur when my machine is connected. Sorry, that's something I ought to have mentioned in my original post.

> If they stop, then resume once you have connected, then it's a possibility you have a rogue Facebook-Message-Sending-Bot lurking on your Mac.

Yes, hence the thread.

The issue is that I can't find the bot. Any ideas? Tried ClamXAV. Contemplating the new Avast! for OS X.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,427
764
> The issue is that I can't find the bot. Any ideas? Tried ClamXAV. Contemplating the new Avast! for OS X.
Unless you installed it yourself or let someone else install it, it's extremely unlikely that you have any spambot or other malware on your Mac.
 

orvn

macrumors 6502
Original poster
Jan 11, 2011
255
0
Toronto, Canada
> Unless you installed it yourself or let someone else install it, it's extremely unlikely that you have any spambot or other malware on your Mac.
It appears to only distribute the SPAM when I'm logged in to Facebook and have a tab open.. Ideas? Could be a Firefox issue, but I have no rogue addons.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,427
764
> It appears to only distribute the SPAM when I'm logged in to Facebook and have a tab open.. Ideas? Could be a Firefox issue, but I have no rogue addons.
The JavaScript Blocker extension on Safari or the NoScript extension for Firefox allows control over what JavaScripts can run on a site. You might try that to block any unwanted scripts.
 

hanten

macrumors newbie
Oct 25, 2012
5
0
Having the same problem

I'm having the same problem with my FB account and trying to find any answers. It's been going on for three days. Same kind of links - weird blogs with "creatives.php" at the end.

I do not have a Mac, but I use FB on my iPad, iPhone 5 and home PC.

The messages seem to go to about 8 - 10 people at a time. I only know about it because I get email notifications when one of them "leaves" the conversation.

----------

Also I do not use Firefox. Using Chrome on the PC and of course Safari on iOS 6 devices.
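
As an added example (not part of any post in this thread): the links orvn and hanten describe are Facebook `l.php` redirect links whose real destination sits in the `u` parameter. This Python sketch unwraps such links from notification e-mail text and flags destinations matching the pattern reported here, a PHP script under `wp-content/plugins`; the `example.org`, `example.com` and `example.net` lines are constructed sample input, and the host list is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches http(s) URLs in plain-text notification bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Pattern reported in this thread: a PHP script inside a WordPress plugin directory.
WP_PLUGIN_PHP = re.compile(r"^/wp-content/plugins/(?:[^/]+/)*[^/]+\.php$", re.I)
# Assumed set of Facebook hosts that serve the l.php redirect.
FB_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com", "l.facebook.com"}

# Constructed sample: message 1 is the link quoted in the thread, the rest are made up.
SAMPLE = """\
Message 1: http://facebook.com/l.php?u=http://roobyjotero.com/wp-content/plugins/creatives.php?uowc
Message 2: http://www.facebook.com/l.php?u=http%3A%2F%2Fblog.example.org%2Fwp-content%2Fplugins%2Fcreatives.php%3Fabc
Message 3: http://www.facebook.com/l.php?u=http%3A%2F%2Fexample.com%2Fnews%2Fstory.html
Message 4: http://example.net/not-a-shim-link
"""

def unwrap_shim(url):
    """Return the destination inside a Facebook l.php link, or None if it is not one."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in FB_HOSTS or parts.path != "/l.php":
        return None
    # parse_qs percent-decodes, so both raw and encoded `u` values are handled.
    # A raw destination containing '&' would be cut at that point.
    values = parse_qs(parts.query).get("u")
    return values[0] if values else None

def triage(text):
    """List every shim link's destination and flag those matching the thread's pattern."""
    findings = []
    for url in URL_RE.findall(text):
        dest = unwrap_shim(url.rstrip(".,)"))
        if dest is None:
            continue
        d = urlsplit(dest)
        findings.append({
            "host": (d.hostname or "").lower(),
            "path": d.path,
            "suspicious": bool(WP_PLUGIN_PHP.match(d.path)),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```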
 

hanten

macrumors newbie
Oct 25, 2012
5
0
I should mention

I should mention a crazy theory I have, though... This all started about the time I joined a hotel WiFi network a few days ago...
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
> I should mention a crazy theory I have, though... This all started about the time I joined a hotel WiFi network a few days ago...

If you didn't use the https version of the login, which isn't the default, then someone on the network could have sniffed your login credentials.
 

hanten

macrumors newbie
Oct 25, 2012
5
0
I guess in my example, I use https on the web version -- and the official apps on iOS 6 devices. I changed passwords and revoked permission to every app except Spotify and I was still pushing out spam this afternoon.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
> I guess in my example, I use https on the web version -- and the official apps on iOS 6 devices. I changed passwords and revoked permission to every app except Spotify and I was still pushing out spam this afternoon.

How complex is your password?

Upper and lower case alphabet?

Numbers?

And symbols?

At least one of each with minimum length of 8 characters?
 

hanten

macrumors newbie
Oct 25, 2012
5
0
> How complex is your password?
>
> Upper and lower case alphabet?
>
> Numbers?
>
> And symbols?
>
> At least one of each with minimum length of 8 characters?

Yes, I use LastPass to generate secure passwords and FB is very strong. Way more than 8 characters and using all types of characters.
 

hanten

macrumors newbie
Oct 25, 2012
5
0
I guess I don't think it's a password problem. I've changed it three times in the last three days. I've required devices to declare themselves. I've cancelled all active sessions....
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
> I guess I don't think it's a password problem. I've changed it three times in the last three days. I've required devices to declare themselves. I've cancelled all active sessions....

Maybe the Facebook web app has been compromised. It has been before.

This would explain many users being affected without malware being involved.
 

scgustin

macrumors newbie
Nov 2, 2012
1
0
Any updates to this? I saw the same problem about a week ago. I changed my password several times and it didn't help - so I deactivated my Facebook account for a week.

I just reactivated it yesterday and again today, I apparently sent out messages.

I have uninstalled all Facebook apps, run virus/spam checkers on all computers and changed my password again multiple times. I'm totally stumped.

:confused:
 