Help:  I think my mac has a virus, worm or Trojan Horse?

  • Posted: 24 January 2010 02:23 AM

    For the past week or so, people from my mailing list in Eudora have received a series of crude spam emails from my address containing links to porn sites. A couple of them have sent me copies of the messages.  Very embarrassing!  I’m not sure how to deal with this and I would appreciate any suggestions.  The cheaper the solution, the better.

    I have the original macbook pro, core duo running 10.5.6 and I use Eudora 6.2 as my email client.

    Thank you for any help you can offer,

    Christopher

    [ Edited: 24 January 2010 03:04 AM by christoxo ]      
  • Posted: 24 January 2010 08:39 AM #1

    The first thing I would do is change your email password.  What service are you using?

         
  • Avatar

    Posted: 24 January 2010 08:55 AM #2

    Very unlikely that you are the originator. Depending on how you sent large group messages (ie are all the recipients in the To: field or in the BCC: field), any one of your addressees could be the cause. The From: field in most spam messages are not legitimate, meaning they didn’t really originate from that address.

    Signature

    Mac switchers see my profile for switching help…

         
  • Posted: 24 January 2010 05:18 PM #3

    Thanks brokentry and intruder!

    I am using yahoo popmail and downloading all mail into Eudora.  I will try changing my yahoo password tonight when i get home. 

    When I forward to my list, I always use BCC.  The spam recipient addresses are culled, I think, from my Eudora address list.  I wonder if there is a chance that the addresses could have somehow been culled from my yahoo mail page?  Some are very old and out of date.  In fact, I think they are all old addresses some of which are still valid.

    Christopher

         
  • Posted: 25 January 2010 03:09 AM #4

    I have to agree, I doubt it’s anything related to the computer itself. It is definitely a good idea to change your password, though, if messages are coming from you to other people in your address book.

         
  • Avatar

    Posted: 25 January 2010 12:25 PM #5

    I’ve seen this fairly often. Usually someone you sent a message to gets infected and the virus digs through incoming e-mail for addresses to use in the to and from fields. I’ve actually received a message like this that I supposedly sent to myself.

    Changing your e-mail password isn’t a bad idea. Actually you should change it periodically anyway. I also have two e-mail addresses (.Mac lets you create these spoof addresses). I have one for correspondence with close friends and family and a second that I use as ID for on line things, TMO, and such. I can always throw away the spoof address if it gets compromised.

    Signature

    Courage is not the absence of fear, that’s insanity.
    Courage is knowing the risks and dangers.
    And doing what needs to be done anyway.

         
  • Posted: 25 January 2010 12:30 PM #6

    Good point, you’re absolutely right that it could be someone else who has either or both of them in their address book, and who has an infected PC which is sending spam.

         
  • Avatar

    Posted: 25 January 2010 12:46 PM #7

    Ask some of the recipients to send you the long header from one of the emails. Take a look at it and see if there is a clue to the originator

    Post it here and we can all look it, or send it to me via private message if you want. Delete yours and the recpients email addresses from the long header, I just need to see the route it took.

    [ Edited: 25 January 2010 01:15 PM by Lee Dronick ]

    Signature

    “Works of art, in my opinion, are the only objects in the material universe to possess internal order, and that is why, though I don’t believe that only art matters, I do believe in Art for Art’s sake.” E. M. Forster

         
  • Posted: 25 January 2010 02:14 PM #8

    Sir Harry Flashman - 25 January 2010 04:46 PM

    Ask some of the recipients to send you the long header from one of the emails. Take a look at it and see if there is a clue to the originator

    Post it here and we can all look it, or send it to me via private message if you want. Delete yours and the recpients email addresses from the long header, I just need to see the route it took.


    Thanks to all who have replied.  Sir Harry, I will ask recipients of the the porn spam to send me a full header which I will post here when I have it. Don’t know if people have retained any of the messages or not.  So, it might take a few days to get one,

    Christopher

         
  • Avatar

    Posted: 25 January 2010 10:10 PM #9

    Yahoo may well be the weak link here.

    Signature

    Mac switchers see my profile for switching help…