# My email got hacked



## Ray Dunakin (Jan 6, 2008)

Some of you may have noticed, my email account got hacked somehow, and apparently everyone in my address list got spammed. Sorry about that. I just did a virus scan on my Mac (came up negative), and changed my email account password. I hope that's enough to solve the problem.


----------



## Greg Elmassian (Jan 3, 2008)

most likely someone got your email password.... was it a word found in a dictionary? 

Greg


----------



## Ray Dunakin (Jan 6, 2008)

Not exactly, it also had some numbers in it too. Probably not as complex as it should have been, but I've been active online since 1990 and never had anything hacked until now. Anyway, I made the new password more complex and will change it more frequently.


----------



## joe rusz (Jan 3, 2008)

That's kinda what I figured.


----------



## Randy Stone (Jan 2, 2008)

Mac Attack? 

Probably one of those inhabitants of your railroad did it.


----------



## todd55whit (Jan 2, 2008)

I figured that was what that was. Happened to us a few months back.


----------



## krs (Feb 29, 2008)

Posted By Ray Dunakin on 21 Mar 2012 08:11 PM 
Some of you may have noticed, my email account got hacked somehow, and apparently everyone in my address list got spammed. Sorry about that. I just did a virus scan on my Mac (came up negative), and changed my email account password. I hope that's enough to solve the problem.



It's extremely unlikely that your email account was actually hacked and since there are no viruses for the Mac in the wild, all you would find with a virus scan are Windows viruses that someone might have sent you in their emails but those can't execute on the Mac and just sit there.
Either someone discovered your email password or the more likely scenario, your email address was just used on some other computer.

There is a pretty good explanation here of what could have happened.
http://www.pcmag.com/article2/0,2817,2375028,00.asp

Knut


----------



## Greg Elmassian (Jan 3, 2008)

HUH?










No Mac viruses?

I've been hearing this forever, not true at all... here's a list:

*http://www.iantivirus.com/threats/*

Not saying this is what happened to Ray, just saying that there are no mac viruses is untrue....










Greg


----------



## krs (Feb 29, 2008)

I don't have time right now to look through that list, but let me assure, there are currently no * viruses * that affect the Mac running any version of OS X. 

There were about 50 viruses that affected the old Mac OS, OS 6 to 9 and there is malware that affects Mac OS X - Trojans etc. 
But this is malware where the user has to give permission with his admin password to install it. 

Every time a "virus" was reported for Mac OS X, it was a false alarm. 

The problem is that people call any malware a virus. 

First statement in the Wiki: 

A computer virus is a computer program that can replicate itself[1] and spread from one computer to another. The term "virus" is also commonly, but erroneously used, to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability. 

The Mac community has been waiting for a true virus for the Mac but so far all the doom and gloom reports by the various security companies have been a false alarm. 
I would love to be the first one to report about a true, valid Mac virus. 

believe me, I have spent many hours checking supposed Mac virus after the first report came out - it always turned out to be some other malware where the user had to do something rather stupid to infect themselves. Not like Windows, the infection happens and one doesn't even realize it until "funny" things happen. 

Knut 

PS: What malware writers for the Mac try to do is use Sociual Engineering to get people to download and install the Malware.

Last one I ran into was a window that suddenly popped up telling me that this software (which i wasn't running, just appeared) had detected 13 viruses on my Mac and a link was provided to download that Mac Anti-virus software to eradicate those 13 viruses.
Well, If they had said one or two, I might have bought into that - turns out that the supposed anti-virus software, which of course required an admin password, was the mal ware and some people actually fell for this.
Same when one downloads pirated software and installs that - another way to get around the basic Mac security
But no viruses that install themselves without user action and then replicate temselves from Mac to Mac.

And...if you're running Windows on the Mac via Boot Camp or whatever, then your Mac is susceptible to Windows viruses. so you need a Windows anti-virus program.


----------



## Greg Elmassian (Jan 3, 2008)

Wait, you don't have time to click the link (2 seconds) but you can type that big reply? Hmm.... 

Sorry, I'll believe the list and the rest of the Internet. 

OK, so now you changed your position from "there are no viruses for the Mac in the wild" ... to there are no Mac OSX viruses. 

OK, at your request, information about Mac OS X viruses:

*[url]http://www.howtogeek.com/63735/mac-os-x-viruses-how-to-remove-and-prevent-the-mac-protector-malware/* [/url]


*http://www.macforensicslab.com/Prod...cts_id=174*

*http://www.securemac.com/*

Here's from Apple itself telling you what OS X has in it to protect you from malware *[url]http://www.apple.com/macosx...l*[/url]

Come on, if there was no such thing, how come Apple has to tell you how you are protected from it?

Knut, you are usually right on technically, but here it is you, Don Quixote tilting against windmills (against the Internet)...


All you Mac people, if you believe nothing can attack your Mac, good luck, I have some choice bridges to sell you....

I have 10 linux servers at work, running Red Hat, and I get security fixes DAILY.... your Mac is built on what is an even more ancient Unix platform. 


Greg


----------



## krs (Feb 29, 2008)

Posted By Greg Elmassian on 22 Mar 2012 03:41 PM

OK, I'm back, let me address your comments briefly with >>> inserts. Everytime I try to use the quote option mls screws up on me

Wait, you don't have time to click the link (2 seconds) but you can type that big reply? Hmm....

>>> You misunderstood. It's not that I didn't have time to open the link - I sure did; I didn't have time to go through the list to demonstrate that none of the listed items are VIRUSES. 


Sorry, I'll believe the list and the rest of the Internet. 

>>> I'm not saying the list is wrong, just that there are no VIRUSES in the list. Otyher malware like Trojans yes, but all malware based on some social engineering aspect where they try to get you to download and install and authorize a piece of malware - nothing that installs itself without your knowledge and then infects other Macs.

You'll find the same thing when you check any other internet site that claims there are VIRUSES for Mac OS X. 


OK, so now you changed your position from "there are no viruses for the Mac in the wild" ... to there are no Mac OSX viruses.

>>> I started to specify Mac OS X because the list you linked originally included viruses for Mac OS 9. I assume they included those to make the list longer, but Mac OS 9 went out with the dinosaurs, well, not really, but it was discontinued about ten years ago and replaced with Mac OS X which now is in its 7th feature release. None of the Macs sold today or that have been sold in the last eight or so years can even run Mac OS 9; my older Mac which I bought in 2000 still had OS 9 capability but I retired that last year after 11 years of faithful service and it had been running OS 10.4 for about nine years of its life.

There are no VIRUSES on Mac OS X, any of the feature versions, OS 10.1 to OS 10.7


OK, at your request, information about Mac OS X viruses:

*[url]http://www.howtogeek.com/63735/mac-os-x-viruses-how-to-remove-and-prevent-the-mac-protector-malware/* [/url]


>>> The second paragraph in the above article either shows that the author doesn't know what he is talking about or he is misleading readers on purpose:


_The virus in question is actually a fake antivirus and trojan which goes by a few different names. It may present itself as Apple Security Center, Apple Web Security, Mac Defender, Mac Protector, and possibly many other names._

He first calls this a virus and then sort of corrects it by mentioning that it is actually a trojan.

This is the malware I mentioned at the end of my previous post. This is a piece of Mac malware that you have to download, install and authorize using your admin password - it is not a VIRUS which installs itself without your knowledge and the infects other Macs.
And that is what you will find with all the other reports about VIRUSES on the Mac - it turns out to be either false alarm or it is really a piece of "malware" but it is not a VIRUS.

If anyone can point me to a real virus that affects Mac OS X, I love to hear about it.
But it has to be a VIRUS, see the Wiki definition, not some Trojan or other piece of malware one has to install and authorize.

Knut


----------



## Semper Vaporo (Jan 2, 2008)

Knut: I absolutely agree with your definitions of "Virus" and "Malware", but I also recognize that to most people the word "Virus" is the generic word that defines some problem with their computer. It is the one word that the unwashed masses have in their vocabulary to explain what is the cause of their computer doing things that they don't want.

I fix computers for "fun" (but not "profit") and I do try to explain to people the difference between the different maladys that their computer is experiencing. But much like my Doctor saying, "Regardless of how stuffy your nose is, or that achy feeling all over your body; If you didn't vomit, then you have a 'Cold', not the 'Flu'!", I find that I am often talking to someone that will never know the difference.

I often have to cogitate hard in listening to people to really understand what they are a-flappin' their lips about... When someone says they are "Gay" I have to realize that they are not necessarily claiming that they are "merry or happily excited" nor "brilliant in color" (though they might be saying that they are "given to social pleasures, or licentiousness"); and when someone says they get a lot of "SPAM" they don't mean the canned meat product from Hormel Foods, Inc., of Austin, MN.

Likewise, when someone says their computer has a "virus" I must understand that what they mean is that their computer did something that has caused them more problems than normal.

I applaud your efforts to educate here, but I gave up trying to convince people that "the Gay Ninties" means the "merrimaking of the 1890's" and not "the immorality of the 1990's", because the language, she am a-changing and no voice can be loud enough to halt the polution.

I fully expect that someday the dictionary will list "THEN" and "THAN" as being interchangable.


----------



## Bob Pero (Jan 13, 2008)

I had never been hacked until I got on Facebook.


----------



## Greg Elmassian (Jan 3, 2008)

Knut, the definition of computer virus by wikipedia is acceptable, but not what the lay person calls a virus, they call anything that is malware a virus. 

Very few people are concerned about infecting others, their chief concern is their own computer. 

So, ok, I have not researched fully, so I cannot say for certain that there is a "Virus" for Mac computers, it could all be malware, according to the Wiki defs. 

But, since malware DOES exist for Mac computers, it's clear that a virus could be made, since malware DOES exist for Macs... there is no intrinsic capability in OS X that would stop malware that seized control of the computer from sending a virus out by email... maybe that situation fails your "self replication" scenario... but again, from a practical perspective, emailing out malware to others is a form of self-replication... 

Anyway, I may spend some spare time looking into the narrow definition this weekend... 

I will bet that to Ray, whether it is called a virus or malware does not matter one whit... 

Greg


----------



## krs (Feb 29, 2008)

Posted By Semper Vaporo on 23 Mar 2012 11:05 AM 
Knut: I absolutely agree with your definitions of "Virus" and "Malware", but I also recognize that to most people the word "Virus" is the generic word that defines some problem with their computer.


You and Greg are unfortunately right about that.

But I think it makes a huge difference if the "malware" can infect your computer without your knowledge or if the "malware" is of a type that one actually has to install and authorize via the admin password.

With the former, your only protection, and even that is often shaky at best is an anti-virus program, but with the latter I would expect alarm bells to go off - at the latest when the request for the admin password comes up so that this "application" which you didn't download, can be installed.

The MacDefender malware was a bit more tricky in that it tried to make you believe that you already had a Mac virus and that it was a legitimate anti-virus program - you actually had to click on a link to download and then authorize the installation.

I got that as well and thought something was fishy when it claimed to find a number of viruses on my Mac, others tweaked to the fact the application was called MAC Defender = M-A-C capitalized.

Mac is always spelled M-a-c, M-A-C refers to Media Access Control http://en.wikipedia.org/wiki/MAC_address
To make things worse, there is actually a legitimate program called MacDefender http://www.macdefender.org/index.html


Greg - there is definitely "Malware" for Mac OS X, but all "malware" that is easily detectable with a bit of common sense.
No true viruses like on Windows, no need to run an anti-virus program on the Mac unless one uses Windows on the Mac.

Mac anti-virus programs sold by the large companies typically cause problems and cause some strange behaviour which is really hard to track down. Happened to me years ago - I had Symantec anti-virus running on the Mac and ran into strange behaviour. Eventually, at the suggestion of some one, I removed that anti-virus software and things went back to normal.


The only anti-virus program for the Mac I would recommend ist ClamXav. It's rather slow but it doesn't affect the normal operation of the Mac.
It's also free.

As to "true" viruses for the Mac. I'm sure they will come eventually but in the last ten years since OS X has been around, they were continuous predicted but haven't happened yet.

I would suggest that everyone who uses a Mac joins some Mac forum/discussion group somewhere.
I like ehMac.ca, a Canadian group with some very knowledgable Mac people. Any reported Mac malware is discused there in detail and one can find out real quick if a reported "virus" is actually a virus or some other malware or just false alarm.

My other suggestion is to keep the Mac software up-to-date via the automatic Apple software updater. Security holes which always exist, mostly in associated siftware like a browser rather with the OS, get plugged pretty quickly but one needs to install the update of the software.

And mostly - think before you leap and install something unknown.

Knut 


PS: I hate typing these long posts on mls because I'm always afraid I'm goinng to loose all the info before it gets posted.
So please excuse the typos.


----------



## Greg Elmassian (Jan 3, 2008)

Knut, type a bit, then save, then edit... just like doing a backup! 

Technically you are correct, but really it really is not a big distinction between a virus that can infect at will and people "accepting" malware. 

The poor guy that allowed it to happen, whether he clicked a bogus link and executed some code in an html page.... it happened and messed up his computer. 

You do know they can hide executables in PDFs now, right? 

How many people scan the pdf before reading it... 

Greg


----------



## krs (Feb 29, 2008)

Posted By Greg Elmassian on 23 Mar 2012 09:07 PM 
Knut, type a bit, then save, then edit... just like doing a backup!

>>>Takes too long - I try to keep my comments short, less chance of a hick-up


Technically you are correct, but really it really is not a big distinction between a virus that can infect at will and people "accepting" malware.

>>>I think if someone ignores all the warning signs on the Mac and still downloads, installs AND authorizes the installation, three separate steps, than they deserve having to struggle with the malware. Most people will only do that once and then learn.

Apple has now even added a warning message when one downloads an "executable" from the net - I think that is a bit overkill, but as you noted, many people still get caught.
I was amazed how many people fell for that "We detected x viruses on your Mac, download this file and we'll fix it" scam. 


The poor guy that allowed it to happen, whether he clicked a bogus link and executed some code in an html page.... it happened and messed up his computer. 

You do know they can hide executables in PDFs now, right? 

>>>Doesn't matter, Windows executables (.exe files) won't run on the Mac. The most common Mac equivalents for applications are .dmg files (disk image files), these can't install themselves.


How many people scan the pdf before reading it... 

Greg


----------



## Greg Elmassian (Jan 3, 2008)

No, they can hide ANY executable in a PDF file.... a Mac malware/virus .... executable means code that can be executed, not an exe file... 

Greg


----------



## krs (Feb 29, 2008)

Here is something along the lines you describe - a Mac executable "hiding" in a pdf. 
http://forums.macrumors.com/showthread.php?t=1234691 

But on the Mac you still have to install and authorize the executable, it won't install itself. 
I would hope that people get suspicious if one is asked to provide the admin password to open a pdf file. 
Apple actually strongly recommend that one not use an admin account on the Mac but rather a normal user account - only log into the admin acount when installing new software. 
But since people don't seem to do that, Apple is now identifying these "malware" threats in software updates. 

I don't run any anti-virus software on any of the dozen or so Mac in the family. 
I used to rum ClamXav once a year just to see what it would find - sometimes a few Windows viruses that I picked up in Excel spreadsheets people sent to me, but never anything that would affect the Mac.


----------

