Sending bogus emails

[tobindia]

I'm using a Macbook with all of the latest software (Mac OS X 10.6.7). Something seems to be sending out messages under my Yahoo email address to addresses on my Mail List with messages to click on various malware sites. I access Yahoo Mail directly over the Internet. I do not use Apple's Mail program.

I have downloaded AV software and scanned my hard drive. (Nothing showed up.) I have changed my Yahoo Mail password and shut down Yahoo Mail when not in use. Over the past day or 2, and when logged out of Yahoo Mail, a Yahoo (??) pop-up box comes up occasionally asking for my Yahoo Mail password -- which I cancel, obviously. This seems to be since changing the password.

Does anyone have any suggestions on what causes the bogus emails to be generated? Does anyone know what is causing the bogus (I presume) pop-ups?

 

[Gav2k]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

If your not using mail to access yahoo and going via a web browser it has nothing to do with your mac.

 

[stroked]

Your email account has been hacked. Change your password.

 

[tobindia]

OK, thanks. But what about the pop-ups?

 

[Hankster]

OK, thanks. But what about the pop-ups?

Yahoo has had reported issued of thousands of their accounts being hacked. It has nothing to do with Apple or your machine. I had mine hacked eight months ago. This is what you need to do:

1. Log into your Yahoo Mail and remove all your contacts. This is how they send out emails.

2. Change your password to include at least one caps letter and one number.

After this you will be fine.

 

[TheFridge]

I agree with the others on you having to change your Yahoo password. I would actually suggest that you go with Gmail (but this is just my preference)

About the pop ups. Where do they occur (e.g. in your browser)? You said you downloaded an AV, what is it called?

 

[GGJstudios]

I have downloaded AV software and scanned my hard drive.

Does anyone have any suggestions on what causes the bogus emails to be generated? Does anyone know what is causing the bogus (I presume) pop-ups?

As already stated, your email account was hacked. That has nothing to do with your computer or operating system. As for the pop-ups, it would be helpful if you could provide more details. Are you using an ad-blocker? What exactly is the content of the pop-ups?

No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:

Mac Virus/Malware Info​

 

[tobindia]

GGJstudios: I do not run any ad-blocker. The pop-up looks like the attached. (Sorry. I couldn't get it to paste from the clip board.) It looks like an official Yahoo request, but I just hit cancel. Doing so does not interfere with my real Yahoo Mail.

 

[GGJstudios]

GGJstudios: I do not run any ad-blocker. The pop-up looks like the attached. (Sorry. I couldn't get it to paste from the clip board.) It looks like an official Yahoo request, but I just hit cancel. Doing so does not interfere with my real Yahoo Mail.

Launch Activity Monitor and change "My Processes" at the top to "All Processes". Then look for any process that looks suspicious. Here's a few links to help you sort out which ones are legit.

Understand Mac OS X processes
Mac OS X: What Are All Those Processes?​

If you need help, post screen shots of your Activity Monitor processes.

 

[tobindia]

The 1st link (which is awesome, thank you) did not flag any processes as orange but several as blue:. I assume that Canon IJ Network Scan Utility is for my printer and that SophosAntiVirus, SophosAutoUpdate, and SophosUIServer are from my Sophos AV software. soffice is probably from Open Office. I also assume tht activitymonitord is from Activity Monitor. That leaves Awacsd, cvmsServ, InterCheck, WebKitPluginAgent, and WebKitPluginHost unexplained. None of these are mentioned in the 2nd link. Googling each of these indicates that cymsServ is the most questionable one. Anything stand out?

 

[stroked]

You need to get rid of Sophos AV. Look at the link on post 7.

 

[munkery]

Have you setup "Mail" to prompt for your email account's password at launch?

If yes, then "Mail" will prompt for your password whenever it queries the email server checking for new email. Does the interval at which this prompt occur correspond with the interval set to check for new email?

If you have not set "Mail" to prompt for your password at launch, then it is also possible that you made a mistake when you entered that email account's password during setup.

 

[Tumbleweed666]

Have you setup "Mail" to prompt for your email account's password at launch?

If yes, then "Mail" will prompt for your password whenever it queries the email server checking for new email. Does the interval at which this prompt occur correspond with the interval set to check for new email?

If you have not set "Mail" to prompt for your password at launch, then it is also possible that you made a mistake when you entered that email account's password during setup.

He did say he changed his password. So Mac Mail would likely have been running happily in the background, perhaps even without him noticing (maybe he even forgot he set it up), then when he changed his password on the web, but not in Mac Mail, after his Yahoo account was hacked, then the "pop ups" (actually, mail prompts) started because the password was no longer correct.

Hopefully that's it.

 

[marc11]

I agree with the others on you having to change your Yahoo password. I would actually suggest that you go with Gmail (but this is just my preference)

About the pop ups. Where do they occur (e.g. in your browser)? You said you downloaded an AV, what is it called?

My gmail was hacked the same way. Somehow my password was compromised and all sorts of emails were sent from my account. I changed my password to a strong type, using upper and lowercase letters, numbers and symbols. Also, make sure you do not use the same password or patterns for all your accounts, such as places like this site and your email. Each account should have its own password and pattern IMHO.