My girlfriend's MacBook Air is sending out spam ads

Discussion in 'macOS' started by petalino, Jan 16, 2013.

  1. petalino macrumors regular

    Nov 21, 2010
    My girlfriend's Yahoo Mail sent folder suddenly shows a bunch of advertising emails that she never sent.

    I suspect that she must have clicked on something in an email sent to her and now her Mac is sending the virus out to all of her contacts (SURPRISINGLY NOT TO ME).

    As I never had to deal with this problem, because I never click on anything suspicious, I really do not know how to help her get rid of this malware.

    How does this work anyway? Will her Mac be sending out Spam when she logs into her Yahoo account, or did someone snatch her Yahoo password and it is going to be happening even when she is not logged into her Yahoo Mail account?

    Any ideas?
    Can anyone help?

    Thanks in advance
  2. chrfr macrumors 604

    Jul 11, 2009
    This. Change the password immediately to something stronger, and unique to that service.
  3. petalino thread starter macrumors regular

    Nov 21, 2010
    I already told her this and she just did it.

    I am not sure however if someone really stole her password.
    Is't it malware that nests itself on her computer and starts sending out Spam using her email account when she logs in even with a new password?

  4. fat jez macrumors 68000

    fat jez

    Jun 24, 2010
    Glasgow, UK
    it could equally be one of her friends who has her email address in her contact book and who has a virus (unlikely if the mails are in her sent folder). I can set a reply address of whatever I want and send mail through my mail server.

    It could also be that she has logged into her account through another PC which had a key logger running and which snagged her password and login name.

    As others said, get her to change her password to something secure (mix of letters, numbers and punctuation). I'd say it's unlikely to be something on her Mac, Mac malware is pretty rare.
  5. kaielement macrumors 65816

    Dec 16, 2010
    In most cases just changing the password should solve the issue. I had something like this happen a few years back. Never found out how it started but changing my password fixed the issue.
  6. cambookpro macrumors 603


    Feb 3, 2010
    United Kingdom
    Would be really, really surprised if it was some malware doing it. As others said, change the password and she should be fine.
  7. GGJstudios macrumors Westmere


    May 16, 2008
    It's not malware. Her email account was hacked, which has nothing to do with her computer. That could happen even if she didn't own a computer. Make sure all passwords are long and complex, using special characters, numbers and upper and lower case letters.

  8. Mr. Retrofire macrumors 603

    Mr. Retrofire

    Mar 2, 2010
    He/she should change also the answers to the security question(s), which e-mail providers use to reset the account password. The answers should be random strings, 32 characters long or longer. He/she should NOT store the security answers to the security questions on the computer.
  9. switon macrumors 6502a

    Sep 10, 2012
    RE: email contacts...

    Hi petalino,

    Are you positive that it is your girlfriend's Mac that is sending out the Spam? It sounds like perhaps it is, especially if the emails are in her Sent folder, but then again...

    The reason I ask is because an email hack has been making the rounds where the email malware contains code to sends a victim's Contacts to about five different servers around the world. Depending upon whether the victim's email account is set to automatically execute code in emails (and I believe Yahoo email does so by default), the victim may not even have needed to click on anything in the email malware, simply opening the email would be enough to trigger the execution of the code to upload the Contacts. These other servers then send email to those contacts making it appear that the emails (spoofed) were from the victim. But they aren't, they originate from those servers ...

    So, once the victim's Contacts has been uploaded, there is little or nothing that you can do to stop the subsequent Spam, except contact your contacts yourself and explain what has happened.

    Good luck,
  10. Bear macrumors G3

    Jul 23, 2002
    Sol III - Terra
    If it's in the Yahoo sent folder, it doesn't have to be from her computer, it could be from anyone using her Yahoo account.

    A lot of Yahoo accounts have been hacked in the past year. Changing the password and security questions is the way to go. And also make sure that any additional email addresses associated with the yahoo account are hers.

    It's in all likelihood not her computer.
  11. CarreraGuy macrumors regular


    Jan 15, 2013
    If this was a CSRF this *shouldn't* happen anymore according to Yahoo. Yahoo email was susceptible to Cross Site Request Forgery, this happens when you visit a "questionable site" like I did when I tried to watch a live NFL game online :eek:

    I had two tabbed browsers open: my logged in yahoo email session and the site in question. The questionable site used Javascript to send out emails on my behalf while I was logged in to my yahoo email. In this case they didn't need to know my password since I was already logged in but I changed it anyway.

    If this is what happened to you it shouldn't happen anymore. And if she visits sites with a large amount of ads I would disable Javascript - Google "NoScript" it's a handy browser plugin utility.
  12. USAntigoon macrumors regular


    Feb 13, 2008
    Rochester Hills, MI
    Yahoo email hacking

    I had the same thing happening to me by clicking on a link in an email from a friend (lesson learned now..).. From what I understand (I am not an iMac geek) this link, once clicked open, triggered the following events..It found a way back via the cookies (holding your log in info for the yahoo pop server) into your Yahoo account and hijacked your "contacts" which you have in the account (not the iMac contacts) This contact list was used to sent the malware URL to your contacts.. I checked this via the "sent" tab on the Yahoo server..and found these malicious emails.. I didn't found them in the "sent" folder of my Safari mailer..
    I deleted that "contact" list for my yahoo accounts and changed the PW..
    Still don't understand why my famous Intego VirusBarrier 2013 did not detect that..
    Also did a full scan with Intego and found nothing.. :confused:


    Makes a lot of sense....that is in line with what I experienced, as outlined in my previous post.. Thanks for sharing..
  13. USAntigoon macrumors regular


    Feb 13, 2008
    Rochester Hills, MI
    Intego VirusBarrier 2013

    Earlier in the year I upgraded my VirusBarrier X6 to the new "fancy" 2013 version.. I got zapped with that malware which got the cookie info etc.. VirusBarrier is worthless..Come to find out that the 2013 version is a "chopped down" version of the VirusBarrier X6...All these guys seem to love cutting corners..
    Will look into something else now..
  14. GGJstudios macrumors Westmere


    May 16, 2008
    3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link. Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Share This Page