Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Does my Mac have a virus? 1

Status
Not open for further replies.

Steffieg

Technical User
Jan 29, 2003
35
GB
I have used Macs for several years and have never had any virus problems. However this morning my Inbox contains over 90 returned mail messages, the message I have supposedly sent is in a foreign language so I have no idea what it is about. This is the 2nd time it has happened in the past 2 months, I know I am going to be plagued with plenty more of these Returned Mail messages in the next few days.

I am not really aware of how these things work and find it very worrying...anyone have any advice for me????

Thanks all.
Steph
 
While I'm not an expert on this, the most obvious answer would appear to be that your email address is being used by a spammer.

Lets say your email address is stef@yyyyy.com. The spammer can create that address on his machine, in an app like Outlook, and send messages. Ones to no good email addresses get returned to you. If somebody was to look at the headers, etc in the spam email, they would see that they came from a different server than yours.

Again, I'm not an expert but the above is not hard to do. What you described is usually calleda "bot" whers spammers "highjack" other machines to send out their garbage. To date, no virus or bot has been found that works on osx and none have ever been reported to work. Because of the reported security in osx, any break in it would be widely reported.







Using OSX 10.3.9 on a G4
 
As jmgalvin noted, the most likely scenario is that someone else is using your email address in there spam emails.

What can you do about it? Not much, if anything, short of changing your email address. Even that could possibly be only a temporary stopgap measure. You can't stop them from using your address as the bounced email return address, so you are forced to somehow live with the 'returned' junk.

What I would do is try to determine if there is a common denominator in what is being returned. Then set up my filters to automatically delete anything like that when it is 'returned' to you. Filtering this way will ONLY work for those being returned now. If something different is returned in the future, you would need to adjust your filters again to accomodate the new rash of 'returned' junk mail.


mmerlinn

"Political correctness is the BADGE of a COWARD!"

 
I don't think it is a bot or a virus because of the reasons already mentioned. I just wanted to say that I have seen this before. The emails look like returned messages and are fomatted as such but might NOT actually be returned messages. These are particularly bad in Windows boxes with autopreview turned on and in older versions of office. What happens is the spammer logs which messages were opened based on what "picture" requests his server hits vs. the email address it was sent to. If the random email address returns a hit then the email address is valid and will be sold and re-used forever....

Turn you Junk filter settings to high and have it move the messages to the junk folder.... sounds like just a bad batch of spam....

Rob
 
The way to see if the messages actually came from you is to look at the original sender's IP address in the mail headers.

To date, no virus or bot has been found that works on osx and none have ever been reported to work.

This is not true but what is described seems like a common email spoof that is typically not the fault of your own computer. Spammers make use of bogus email addresses by sending mail through poorly secured SMTP relays. These can be on any platform.
 
Hi Steffieg
You're not using AOL are you?
I get all kinds of weird email on AOL
I get nigerian scam email from the scammer addressed to the scammer, my name is nowhere in the email.
IMacQuarker
 
The type of email service provider has no effect on if your email address can be spoofed. Everyone is a target.
 
Thanks guys. So I guess its something I have to live with...just delete/filter out the returned messages and don't worry about it....
 
Steff: The only problem is that it can get worse and people will start blaming you for the spam.

You're probably best off creating a new account/email address (if possibe). Send it to all whom you want to have it. Reply to emails from the new account rather than the old, by creating a new email for response rather than hitting the reply button. After everyone has the new address, dump the old one.

Using OSX 10.3.9 on a G4
 
Expect to delete your email account every 6 months. [bigsmile]

I've got email addresses from 10 years ago. There is no reason to kill an address simply because it is abused by a spammer.

Your family, friends and business contacts are not affected by this bounced mail. Check the bounced messages and note how none of them are addressed to people that you know.

There is no problem with maintaining your current email account. Just take filtering steps in your own inbox to deal with the bogus bounces.
 
AOL is a spam magnet and a much a bigger target than my other email providers.
Also my other provider is much better at detecting and deleting viruses.
 
Regardless of the degree of being a 'magnet', there is no immunity from having your email address spoofed by another.

The issue at hand is not that spam is being attracted to Steffieg's mail account. The issue is that someone is spoofing Steffieg's email address to send spam. This has no relation to the platform that Steffieg uses, their email ISP, or to any anti-virus apps used. Anyone can have their email address spoofed.

The issue is not about receiving spam. The issue is that someone is pretending to be Steffieg by sending mail with Steffieg's falsified address. This is a stupid vulnerability that has been around for decades. We just live with it.

For more info, Google 'email spoof'.
 
I reckon if it's just a one off (which is usually the case), you should ignore it.

I've had the same domain and email address for 10 years, this has happened twice to me, as far as I recollect.

I wouldn't rush off and change my email address yet.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top