Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

petalino

macrumors regular
Original poster
Nov 21, 2010
224
25
My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?
Can anyone help?

Thanks in advance
 

chrfr

macrumors G5
Jul 11, 2009
13,492
6,981
did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

This. Change the password immediately to something stronger, and unique to that service.
 

petalino

macrumors regular
Original poster
Nov 21, 2010
224
25
I already told her this and she just did it.

I am not sure however if someone really stole her password.
Is't it malware that nests itself on her computer and starts sending out Spam using her email account when she logs in even with a new password?

This. Change the password immediately to something stronger, and unique to that service.
 

fat jez

macrumors 68020
Jun 24, 2010
2,083
614
Glasgow, UK
it could equally be one of her friends who has her email address in her contact book and who has a virus (unlikely if the mails are in her sent folder). I can set a reply address of whatever I want and send mail through my mail server.

It could also be that she has logged into her account through another PC which had a key logger running and which snagged her password and login name.

As others said, get her to change her password to something secure (mix of letters, numbers and punctuation). I'd say it's unlikely to be something on her Mac, Mac malware is pretty rare.
 

kaielement

macrumors 65816
Dec 16, 2010
1,242
74
In most cases just changing the password should solve the issue. I had something like this happen a few years back. Never found out how it started but changing my password fixed the issue.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,541
942
I already told her this and she just did it.

I am not sure however if someone really stole her password.
Is't it malware that nests itself on her computer and starts sending out Spam using her email account when she logs in even with a new password?
It's not malware. Her email account was hacked, which has nothing to do with her computer. That could happen even if she didn't own a computer. Make sure all passwords are long and complex, using special characters, numbers and upper and lower case letters.

 

Mr. Retrofire

macrumors 603
Mar 2, 2010
5,064
518
www.emiliana.cl/en
This. Change the password immediately to something stronger, and unique to that service.
He/she should change also the answers to the security question(s), which e-mail providers use to reset the account password. The answers should be random strings, 32 characters long or longer. He/she should NOT store the security answers to the security questions on the computer.
 

switon

macrumors 6502a
Sep 10, 2012
636
1
RE: email contacts...

My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?
Can anyone help?

Thanks in advance

Hi petalino,

Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...

The reason I ask is because an email hack has been making the rounds where the email malware contains code to sends a victim's Contacts to about five different servers around the world. Depending upon whether the victim's email account is set to automatically execute code in emails (and I believe Yahoo email does so by default), the victim may not even have needed to click on anything in the email malware, simply opening the email would be enough to trigger the execution of the code to upload the Contacts. These other servers then send email to those contacts making it appear that the emails (spoofed) were from the victim. But they aren't, they originate from those servers ...

So, once the victim's Contacts has been uploaded, there is little or nothing that you can do to stop the subsequent Spam, except contact your contacts yourself and explain what has happened.

Good luck,
Switon
 

Bear

macrumors G3
Jul 23, 2002
8,088
5
Sol III - Terra
...
Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...
...
If it's in the Yahoo sent folder, it doesn't have to be from her computer, it could be from anyone using her Yahoo account.

My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.
...
A lot of Yahoo accounts have been hacked in the past year. Changing the password and security questions is the way to go. And also make sure that any additional email addresses associated with the yahoo account are hers.

It's in all likelihood not her computer.
 

CarreraGuy

macrumors regular
Jan 15, 2013
149
0
If this was a CSRF this *shouldn't* happen anymore according to Yahoo. Yahoo email was susceptible to Cross Site Request Forgery, this happens when you visit a "questionable site" like I did when I tried to watch a live NFL game online :eek:

I had two tabbed browsers open: my logged in yahoo email session and the site in question. The questionable site used Javascript to send out emails on my behalf while I was logged in to my yahoo email. In this case they didn't need to know my password since I was already logged in but I changed it anyway.

If this is what happened to you it shouldn't happen anymore. And if she visits sites with a large amount of ads I would disable Javascript - Google "NoScript" it's a handy browser plugin utility.
 

USAntigoon

macrumors regular
Feb 13, 2008
240
970
Rochester Hills, MI
Yahoo email hacking

My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

Any ideas?

Can anyone help?

Thanks in advance

I had the same thing happening to me by clicking on a link in an email from a friend (lesson learned now..).. From what I understand (I am not an iMac geek) this link, once clicked open, triggered the following events..It found a way back via the cookies (holding your log in info for the yahoo pop server) into your Yahoo account and hijacked your "contacts" which you have in the account (not the iMac contacts) This contact list was used to sent the malware URL to your contacts.. I checked this via the "sent" tab on the Yahoo server..and found these malicious emails.. I didn't found them in the "sent" folder of my Safari mailer..
I deleted that "contact" list for my yahoo accounts and changed the PW..
Still don't understand why my famous Intego VirusBarrier 2013 did not detect that..
Also did a full scan with Intego and found nothing.. :confused:

----------

Hi petalino,

Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...

The reason I ask is because an email hack has been making the rounds where the email malware contains code to sends a victim's Contacts to about five different servers around the world. Depending upon whether the victim's email account is set to automatically execute code in emails (and I believe Yahoo email does so by default), the victim may not even have needed to click on anything in the email malware, simply opening the email would be enough to trigger the execution of the code to upload the Contacts. These other servers then send email to those contacts making it appear that the emails (spoofed) were from the victim. But they aren't, they originate from those servers ...

So, once the victim's Contacts has been uploaded, there is little or nothing that you can do to stop the subsequent Spam, except contact your contacts yourself and explain what has happened.

Good luck,
Switon


Makes a lot of sense....that is in line with what I experienced, as outlined in my previous post.. Thanks for sharing..
 

USAntigoon

macrumors regular
Feb 13, 2008
240
970
Rochester Hills, MI
Intego VirusBarrier 2013

Earlier in the year I upgraded my VirusBarrier X6 to the new "fancy" 2013 version.. I got zapped with that malware which got the cookie info etc.. VirusBarrier is worthless..Come to find out that the 2013 version is a "chopped down" version of the VirusBarrier X6...All these guys seem to love cutting corners..
Will look into something else now..
 

GGJstudios

macrumors Westmere
May 16, 2008
44,541
942
Earlier in the year I upgraded my VirusBarrier X6 to the new "fancy" 2013 version.. I got zapped with that malware which got the cookie info etc.. VirusBarrier is worthless..Come to find out that the 2013 version is a "chopped down" version of the VirusBarrier X6...All these guys seem to love cutting corners..
Will look into something else now..
3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link. Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.