Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Possible OSX spyware

N

NewWorldMac

macrumors newbie
Original poster
Mar 16, 2009
24
0
I just won an Ebay auction and within seconds of winning the auction I received 2 phishing emails with my ebay account name, obviously my email address, and the Item number I just had won. The Auction accepted paypal payment and the emails stated that due to an error I would have to wire the money to spain. I contacted the seller and he claims he never sent me those emails, and I forwarded them to Ebays fraud department and they confirmed those emails were not authentic.

Now with Ebays new policy of not allowing people to see who won the auction how did these scammers get my Email address, my ebay account name, and the item number with the page linked to the auction I just had won.

Ebay was pretty useless through this whole ordeal, they claim that both mine and the sellers computers have not been compromised. How can this possibly be? The seller has perfect feedback and stated he never had this problem before. Now the question of the day is do I have some kind of spyware? Its pretty much impossible for the scammers to get my info without accessing one of our computers.
 
Most likely:

-Your eBay account has been phished.
or
-The seller is lying.

Very unlikely:

There are two OS X trojans which could be to blame, iServices.A and iServices.B.

They were originally distributed in pirate versions of iWork and Photoshop CS4 on the bittorrent P2P network. Once installed on the host computer, they attempted to contact a server in Russia. What the trojans do next, I'm not sure.

If you have downloaded a torrent of iWork '09 or Adobe Photoshop CS4, you are possibly infected.

There are also the RSPlug.A-E trojans, masquerading as video codecs on porn sites, which change your DNS servers, causing various kinds of trouble. Not likely though.
 
has nothing to do with the OS X platform and OS X trojans. website phishing is cross platform. the only way to prevent it is a more secure browser like Safari 3 or 4 which has phishing protection built-in and user prevention by checking that the URL is actually the site you where on and not a fake 'mask'.
 
richthomas said:
has nothing to do with the OS X platform and OS X trojans. website phishing is cross platform. the only way to prevent it is a more secure browser like Safari 3 or 4 which has phishing protection built-in and user prevention by checking that the URL is actually the site you where on and not a fake 'mask'.
Click to expand...

Could you elaborate on this? I am using safari 3.2.1 on my 2 week old Imac. Are you saying people can just extract info from browsers?

I didn't download any torrents, the only thing I downloaded was the movie player from the official fox website to watch an episode of hells kitchen. I made a post about it the other day, basically it didnt ask for my admin password to install the movie player and that freaked me out a bit, but posters said that was normal.

What scares me is I deliberately went to porn websites when I first got the computer to see how well the computer would react. I know that wasnt the most genius plan but I just kept rapidly clicking links and links to see if the mac was really as secure as advertised! Everything seemed to be fine as the computer continued to run smooth with nothing out of the ordinary. I also never clicked install or entered my password for anything on these web pages. Again I know it's not the smartest thing but I was kinda putting the mac to the test for my personal peace of mind. Thinking if this doesnt affect the mac nothing will!

I know I am a bit annoying, but my information has been compromised and I want to find out how and why to prevent it. Ebay couldn't help me, or even seems to care about the compromise of my security, but maybe someone can give me an idea of what I can do to find out where the leak is.

Also I dont believe the seller is lying because he was very thankful that I checked with him before sending the money with someone else, and he has contacted Ebay as well. Also it was just 2 emails sent to my email and no messages were posted to my ebay account. When I contacted the seller not only did I get a reply in my email box, I also got that message directly into my ebay account.

The really scary part about this, is the emails were sent a few minutes after the auction was won. I initially said seconds, that was an error. So the program or person that sent out this phish was on its A game.

Another thing about the seller is he doesnt believe he was online when the phishing emails came through.

Again I apologize for this mess of a posting but I really dont know what to do. I just want to find out if I am soon going to be a victim on identity theft, and really want to find out what happened. Ebay says if any personal info is in a phishing email change your passwords immediately. So lets assume someone had access to my account, I find it a little odd that they would so quickly realize I won an ebay auction and make fake emails with mine and the sellers info without some kind of trojan being installed. If this was done manually they would just have to keep logging into my email or ebay account every few minutes.....FRUSTRATING!!!!!!!!
 
NewWorldMac said:
....

Another thing about the seller is he doesnt believe he was online when the phishing emails came through.

...
Click to expand...
Oh, for Pete's sake. The only thing needed on your end to receive a phishing message is a working email address. The perpetrator can get this from the address book of any individual or business that ever communicated with you. They even have software that can generate addresses that match yours and mine. Some email clients have features reveal the true URLs for the sender.

However, no mechanical method can stop phishing. The only defense is education and vigilance.

P.S.: Phishing is not malware. Only two things on your system can hurt you in a phishing scheme--your own stupidity and gullibility.
 
Basic eBay Safety 101:

Don't click on links on eBay emails - even if you're expecting them.

If you're paying for items, log into eBay through the home page (type in the address or use your own favourites) and conduct your business there.

Never, ever log into eBay from a link in an email.

Same goes for anything - banks especially.
 
gnasher729 said:
Another possibility: The sellers account has been hacked.
Click to expand...

This is pretty common.

I recommend buying the security token that ebay/paypal sells for $5, perhaps buy two, as you can link multiples to an account, take one with you and leave one at your house. You can also validate via SMS, but that may get expensive if you don't have a high SMS plan. With one of these devices, if your password gets revealed to an attacker, it will do them little good.
 
NewWorldMac said:
What scares me is I deliberately went to porn websites when I first got the computer to see how well the computer would react. I know that wasnt the most genius plan but I just kept rapidly clicking links and links to see if the mac was really as secure as advertised! Everything seemed to be fine as the computer continued to run smooth with nothing out of the ordinary. I also never clicked install or entered my password for anything on these web pages. Again I know it's not the smartest thing but I was kinda putting the mac to the test for my personal peace of mind. Thinking if this doesnt affect the mac nothing will!
Click to expand...

I love this testing method.
 
ceezy3000 said:
wat email were u using?
Click to expand...

I was using AOL email!

HA HA! I see you like my testing method! The person who told me to get a mac to avoid spyware told me "I got to crazy porn sites for years, and I mean crazy, and I never got any spyware!"

Well I still cant figure out exactly what happened, so I am changing all my passwords, changing my account numbers, and reformatting OSX just to be safe. I formatted windows computers and installed windows hundreds of times, I hope I dont run into any trouble on the Mac.
 
NewWorldMac said:
I was using AOL email!

HA HA! I see you like my testing method! The person who told me to get a mac to avoid spyware told me "I got to crazy porn sites for years, and I mean crazy, and I never got any spyware!"

Well I still cant figure out exactly what happened, so I am changing all my passwords, changing my account numbers, and reformatting OSX just to be safe. I formatted windows computers and installed windows hundreds of times, I hope I dont run into any trouble on the Mac.
Click to expand...
You are not paying attention. Phishing schemes are not malware. They are not viruses, trojans, spyware, or anything else that can infect your computer or be removed from it. Changing your password is no more effective against phishing schemes than turning off the lights is against an earthquake.

A phishing scheme is an electronic falsehood. It may be distributed as junk mail. If the sender is flagged as distributor of junk mail, then he and his domain may be flagged as a source of junk mail and be blocked by your mail provider. However, this remedy is haphazard at best. My firm's email system blocks domains that have been flagged as sources of junk mail. One of the domains that it blocks is Yahoo.com.

Long story short--you are receiving junk mail that contains a phishing scheme. You do not have spyware or any other kind of malware on your computer. Please stop claiming that you do.
 
MisterMe said:
You are not paying attention. Phishing schemes are not malware. They are not viruses, trojans, spyware, or anything else that can infect your computer or be removed from it. Changing your password is no more effective against phishing schemes than turning off the lights is against an earthquake.

A phishing scheme is an electronic falsehood. It may be distributed as junk mail. If the sender is flagged as distributor of junk mail, then he and his domain may be flagged as a source of junk mail and be blocked by your mail provider. However, this remedy is haphazard at best. My firm's email system blocks domains that have been flagged as sources of junk mail. One of the domains that it blocks is Yahoo.com.

Long story short--you are receiving junk mail that contains a phishing scheme. You do not have spyware or any other kind of malware on your computer. Please stop claiming that you do.
Click to expand...

I wish that were the case, but this is not random junk mail. This was a specific mail targeted at me specifically for a specific product I won on Ebay. If I give you the link to the auction I won on Ebay you shouldn't be able to tell what my Ebay user name is, you also shouldn't be able to tell what my email address is.

Here is the link to the auction I won.

http://cgi.ebay.com/ebaymotors/ws/e...i=1&item=180338255609&viewitem=#ht_500wt_1363

Now tell me what My Ebay userID is, then Email me with the item number a few minutes after the auction had been won telling me I need to wire money instead. Someone got specific information that I dont believe is possible without gaining access to the computer. Prove me wrong and I will be very happy, trust me.
 
NewWorldMac said:
Now tell me what My Ebay userID is, then Email me with the item number a few minutes after the auction had been won telling me I need to wire money instead. Someone got specific information that I dont believe is possible without gaining access to the computer. Prove me wrong and I will be very happy, trust me.
Click to expand...
If they are doing things that close to the close of an auction then that are in the ebay system, won't be the first time. They won't know you won and all your info by watching everyone who logs onto the page they do it by following either ebay or the seller. Simple as that, WAY too much work otherwise.
 
NewWorldMac said:
I wish that were the case, but this is not random junk mail. This was a specific mail targeted at me specifically for a specific product I won on Ebay. If I give you the link to the auction I won on Ebay you shouldn't be able to tell what my Ebay user name is, you also shouldn't be able to tell what my email address is.

Here is the link to the auction I won.

http://cgi.ebay.com/ebaymotors/ws/e...i=1&item=180338255609&viewitem=#ht_500wt_1363

Now tell me what My Ebay userID is, then Email me with the item number a few minutes after the auction had been won telling me I need to wire money instead. Someone got specific information that I dont believe is possible without gaining access to the computer. Prove me wrong and I will be very happy, trust me.
Click to expand...

Easy. They hacked the sellers account. Why would they go after buyers when most people go buy one or two things a year? They go after the sellers because of the higher volume. The seller may have been caught in a phishing scheme where someone convinced them to put their username and password into a supposedly legit site, and now anyone who wins one of their auctions is potentially going to get one of those messages. Very difficult to trace.

The point is, there's nothing that could have gotten onto your machine and done that. Nothing exists which could do that.

jW
 
It came from the seller. Either he is lying or his account is hijacked.

Has NOTHING to do with OSX or the browser.

As long as you don't click the link in the scam email, you will be fine.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back