Sending bogus emails

Discussion in 'Mac Basics and Help' started by tobindia, Jun 20, 2011.

  1. tobindia macrumors member

    Joined:
    Aug 4, 2010
    #1
    I'm using a Macbook with all of the latest software (Mac OS X 10.6.7). Something seems to be sending out messages under my Yahoo email address to addresses on my Mail List with messages to click on various malware sites. I access Yahoo Mail directly over the Internet. I do not use Apple's Mail program.

    I have downloaded AV software and scanned my hard drive. (Nothing showed up.) I have changed my Yahoo Mail password and shut down Yahoo Mail when not in use. Over the past day or 2, and when logged out of Yahoo Mail, a Yahoo (??) pop-up box comes up occasionally asking for my Yahoo Mail password -- which I cancel, obviously. This seems to be since changing the password.

    Does anyone have any suggestions on what causes the bogus emails to be generated? Does anyone know what is causing the bogus (I presume) pop-ups?
     
  2. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #2
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

    If your not using mail to access yahoo and going via a web browser it has nothing to do with your mac.
     
  3. stroked Suspended

    stroked

    Joined:
    May 3, 2010
    #3
    Your email account has been hacked. Change your password.
     
  4. tobindia thread starter macrumors member

    Joined:
    Aug 4, 2010
  5. Hankster macrumors 68020

    Hankster

    Joined:
    Jan 30, 2008
    Location:
    Washington DC
    #5
    Yahoo has had reported issued of thousands of their accounts being hacked. It has nothing to do with Apple or your machine. I had mine hacked eight months ago. This is what you need to do:

    1. Log into your Yahoo Mail and remove all your contacts. This is how they send out emails.

    2. Change your password to include at least one caps letter and one number.

    After this you will be fine.
     
  6. TheFridge macrumors newbie

    Joined:
    Jun 19, 2011
    Location:
    South Africa
    #6
    I agree with the others on you having to change your Yahoo password. I would actually suggest that you go with Gmail (but this is just my preference)

    About the pop ups. Where do they occur (e.g. in your browser)? You said you downloaded an AV, what is it called?
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    As already stated, your email account was hacked. That has nothing to do with your computer or operating system. As for the pop-ups, it would be helpful if you could provide more details. Are you using an ad-blocker? What exactly is the content of the pop-ups?

    No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:
     
  8. tobindia thread starter macrumors member

    Joined:
    Aug 4, 2010
    #8
    GGJstudios: I do not run any ad-blocker. The pop-up looks like the attached. (Sorry. I couldn't get it to paste from the clip board.) It looks like an official Yahoo request, but I just hit cancel. Doing so does not interfere with my real Yahoo Mail.
     

    Attached Files:

  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    Launch Activity Monitor and change "My Processes" at the top to "All Processes". Then look for any process that looks suspicious. Here's a few links to help you sort out which ones are legit.
    If you need help, post screen shots of your Activity Monitor processes.
     
  10. tobindia thread starter macrumors member

    Joined:
    Aug 4, 2010
    #10
    The 1st link (which is awesome, thank you) did not flag any processes as orange but several as blue:. I assume that Canon IJ Network Scan Utility is for my printer and that SophosAntiVirus, SophosAutoUpdate, and SophosUIServer are from my Sophos AV software. soffice is probably from Open Office. I also assume tht activitymonitord is from Activity Monitor. That leaves Awacsd, cvmsServ, InterCheck, WebKitPluginAgent, and WebKitPluginHost unexplained. None of these are mentioned in the 2nd link. Googling each of these indicates that cymsServ is the most questionable one. Anything stand out?
     
  11. stroked Suspended

    stroked

    Joined:
    May 3, 2010
    #11
    You need to get rid of Sophos AV. Look at the link on post 7.
     
  12. munkery, Jun 21, 2011
    Last edited: Jun 21, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #12
    Have you setup "Mail" to prompt for your email account's password at launch?

    If yes, then "Mail" will prompt for your password whenever it queries the email server checking for new email. Does the interval at which this prompt occur correspond with the interval set to check for new email?

    If you have not set "Mail" to prompt for your password at launch, then it is also possible that you made a mistake when you entered that email account's password during setup.
     
  13. Tumbleweed666, Jun 22, 2011
    Last edited: Jun 22, 2011

    Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #13
    He did say he changed his password. So Mac Mail would likely have been running happily in the background, perhaps even without him noticing (maybe he even forgot he set it up), then when he changed his password on the web, but not in Mac Mail, after his Yahoo account was hacked, then the "pop ups" (actually, mail prompts) started because the password was no longer correct.

    Hopefully that's it.
     
  14. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #14
    My gmail was hacked the same way. Somehow my password was compromised and all sorts of emails were sent from my account. I changed my password to a strong type, using upper and lowercase letters, numbers and symbols. Also, make sure you do not use the same password or patterns for all your accounts, such as places like this site and your email. Each account should have its own password and pattern IMHO.
     

Share This Page