Well, shit. I've been hacked.

edited October 2011 in Help & Testing
One of these things that grabs your address book and sends out messages with a blank subject line and a generic sentence in the body trying to entice the recipient to click on the included link.

I'm using a Macbook Pro with OS X 10.6.8, so I doubt that I've actually got a virus (infected OS), I suspect that it's related to the browser (Camino), but I'm pretty much clueless and would be grateful if some of you tech literate folks could point me to a solution.

I was tipped off yesterday when I got three bounce notices with dead addresses that I would never use (but must exist in my aging address book). Funny thing is that each bounced message had a different spam msg and link.

Any suggestions as to what my next move should be? ( Yeah, yeah, I know, I know. Soz yer old man! Other than that, as in something to help me deal with the damage and prevent recurrences of this shit? )

Many thanks in advance

Bart

Comments

  • ZedZed
    edited October 2011
    Same exact thing happened here to the wife on her laptop.  I'm checking to make sure everything is up to date and scanning right now.   XP Firefox 6   I'll probably be swapping over to Opera.
  • There's a simpler explanation Bart.

    Since it's public knowledge, spammers know which domains are real, so all they need is the username. Except they don't really need that either, because they use a dictionary list.

    It's sort of like taking a baby name book and matching up every name in the book to each real domain. Some addresses will turn out to be real e-mail accounts.

    Those bounces you received? Those are e-mail addresses that do NOT exist. That's why you got the bounce notices: "Addressee Unknown"

    If you want to verify this, contact the people who are in your address book and ask them if they got a spam e-mail with your return address. You might actually turn up one or two examples since spam is so pervasive; but if someone is using your actual address book, then ALL of your contacts should have gotten it.
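The forged-sender theory above can be checked from the bounces themselves. This Python script is an added example, not part of the thread: it parses a constructed delivery-status bounce, lists who was rejected, checks those against the address book, and looks at whether the returned original ever passed through the sender's own provider (a forged message never does). All hostnames, addresses and IPs are made up, and the provider host list is an assumption to fill in from the Received headers of mail you know you sent.

```python
import re
from email import message_from_string, policy

# Constructed sample: a delivery-status bounce returning the forged original (all hosts/addresses made up)
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
To: bart@mail.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Final-Recipient: rfc822; old.friend@remote.example

--B1
Content-Type: message/rfc822

Received: from unknown (HELO home-pc) (203.0.113.7)
 by mx.remote.example with SMTP; Tue, 4 Oct 2011 10:00:00 +0000
From: bart@mail.example
To: old.friend@remote.example

http://click.invalid/x
--B1--
"""

def triage_bounce(raw_bounce, my_address, provider_hosts, address_book):
    """Decide whether a bounce means my account was used or only my address was forged."""
    # Addresses the remote server rejected, from the delivery-status part
    bounced = [a.lower() for a in re.findall(r"Final-Recipient:\s*rfc822;\s*(\S+)", raw_bounce, re.I)]
    msg = message_from_string(raw_bounce, policy=policy.default)
    original = next((p.get_payload(0) for p in msg.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    sender = "" if original is None else str(original.get("From", "")).lower()
    hops = "" if original is None else " ".join(str(h).lower() for h in original.get_all("Received", []))
    result = {
        "bounced": bounced,
        "in_address_book": [a for a in bounced if a in address_book],
        "claims_my_address": my_address.lower() in sender,
        # Forged mail never passes through my provider's own outbound servers
        "via_my_provider": any(h.lower() in hops for h in provider_hosts),
    }
    if result["via_my_provider"]:
        result["verdict"] = "account used: change the password and check forwarding rules"
    elif result["in_address_book"]:
        result["verdict"] = "sender forged; contacts harvested elsewhere (a contact's machine or an old leak)"
    else:
        result["verdict"] = "backscatter from a forged-sender or dictionary run"
    return result
```

Run it over real bounces with your own address, your provider's outbound hostnames and a lower-cased set of your contacts; the "in_address_book" list is exactly the evidence that separates Erik's dictionary theory from a harvested contact list.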

  • Since I appear in my wife's address book with several emails, I received several similar emails, as did our friends who are also in the address book.
  • Thanks Erik, but the addresses in each bounce were actual addresses from my address book, it's just that they are "obsolete," no longer in use by those people. Add to that, I've gotten three messages from friends telling me I've got a virus.

    Sucks to be on the receiving end of those notices, especially when I've had to contact two of them in the past and tell them the same thing.

    So, any ideas...?
  • I've just run full scans using Malwarebytes and Avast and nothing malicious was found. Just curious, who is your email provider?
  • I use earthlink for email.  My isp is mediacom, but i suspect that it's limited to email.

    Someone on another board suggested strongly that changing my password will stop it immediately, so I've just done that.  Likewise, my banking PWs (which were not related, but never hurts to change them frequently in any case.)

  • If you have a wifi router, is it locked up? WEP does not count. Does Earthlink use https at all times? Thinking if you use public wifi at any time...
    Check and see if the folks who make NOD32 have their Apple version for an evaluation download. You might want to send this to Steve Gibson, host of Security Now via www.twit.tv, a great podcast. Anyone else listen? Good luck.
  • Wow!  Thanks a million, Joseph!
  • Interesting, we use earthlink here too for email... No cable/DSL or "free wifi" used. Strictly WWAN and an ad hoc wifi network to share that WWAN connection.
  • FWIW, I don't use an e-mail client at all. I haven't in YEARS.

    I use a proxy service to read my e-mail, in text format, on someone else's server.

  • Bart and Zed, please run the eset for Mac then report back.

    TIA
  • I don't run a Mac.  It is an Acer/Gateway netbook running XP, with webmail.earthlink.net for online email.  I strongly suspect this is something that is happening on earthlink's servers.
  • I'll do that, but it'll have to wait for this afternoon.
  • Bart, I have no technical advice.  I only posted to let you know this happens pretty routinely at the office.  I'm pretty sure I don't send myself advertisements for cialis.
  • edited October 2011
    zukiphile said:

    I'm pretty sure I don't send myself advertisements for cialis.

    Only because Ray already does.....
  • zukiphile said:

    Bart, I have no technical advice.  I only posted to let you know this happens pretty routinely at the office.  I'm pretty sure I don't send myself advertisements for cialis.

    Thanks, Zuk.  I know how routine it is, I get these all the time from my friend's accounts.  I immediately respond and tell them that they have the virus.  Actually, I'm getting pretty sure now that there's no virus involved, but rather some kind of hack of either the browser or worse, someone has hacked the server and gotten a bunch of passwords.  I'm leaning towards that last, but simply don't have the tech chops to make that determination.

    Dave, Max, anyone want to chime in on this?
  • What mail client are you using? Just some web-mail thing, or...
  • No, I use Apple's "Mail"
  • edited October 2011
    4nonymous said:

    Only because Ray already does.....

    Sexy.
  • Zed said:

    I don't run a Mac

    'What kind of chip you runnin'?'
    'Oh, I'm runnin' a lays. No man, ruffles has way more output'
  • Zed said:

    I don't run a Mac

    'What kind of chip you runnin'?'
    'Oh, I'm runnin' a lays. No man, ruffles has way more output'
    A Diller.  It says to remain calm, all is well.
  • That was some of the usual idiocy from the pool
  • Just to close this out, I got and ran ESET.  It gives me an inconsistent reading, but seems to have done the job anyway.  The first time I ran it, it reported that it found 3 infected files and quarantined them, but only one file was quarantined.  I deleted it, and all is well.  Of course, all has been well since I changed all my passwords, and the file that was quarantined was a DMG file that I have never opened.  Oh well...

    Thanks again for the tip, Joseph.