I am using a Mac with the latest and greatest operating system. Oddly, I suspect I have a virus.
Let me start with a red herring. A person on my contact list has a virus and I get periodic e-mails from him including only a link to a commercial enterprise. I may have clicked on one of these links. But (and this is important) this has been happening on my Yahoo mail account.
I have another account, on Hotmail. I use it to write to only one person, although it also get a share of spam. That other person has complained I am sending out spam consisting of a link to a commercial enterprise.
Could my Yahoo friend have infected my Hotmail account? More importantly, how do I fix this? As a Mac person I am not used to the idea of being infected.
If your friends are receiving bogus email from your Hotmail account, it is not your computer that is compromised. Your Hotmail account has been hacked, someone guessed your password. Look in your sent mail folder, you should see all the bogus email. Change your password to something more secure (if you can still get into this account).
Almost certainly this. Spam that preports to come from someone is no big deal. It is nothing more than the text in the “From” field - it is not evidence that the mail was actually sent from that account. One of the more amusing forms of spam is when it appears to have been sent to you by you. The spam need not even originate from an acquaintance’s machine; once the email address is known by the spammers, they will use it both as a target address and as a From address in spam. Often such emails have a better chance of passing through spam filters, and have a better chance of being read, so there is incentive for the spammers to take this approach.
Most likely, when you clicked on the link of that email, it asked you to create an account and you typed in the same name and password as your email account. if so, they can now access your email and they’re actually sending emails as you. If so, then yes, changing your password will stop the emails. If that doesn’t work, then they’re using a different trick.
A lot of hacker sites (and also even reputable sites like facebook or linkedin.com) will ask you for your gmail/hotmail/yahoo name and password without really explaining why. Surprisingly many people simply type it in then. The website then logs into your account as you and sends mail to your friends. (Or in the case of linkedin and facebook, it can search your addressbook to get your friends, and then it may decide to send them “Paul in Qatar wants you to join our site!” emails).
But by the way, I couldn’t let this pass unchallenged from your first post:
[QUOTE]
As a Mac person I am not used to the idea of being infected.[/QUOTE
Wow, I love apple products too; but seriously, you’ve been brainwashed by apple marketing. It is just as easy to make a virus for mac as it is for windows. 99% of the time, viruses have nothing to do with how secure the operating system is, but rather (as in in your particular case) just tricking the user to click a link to either download something or else enter a name/password.
Did you check the sent email folder as suggested by Fear Itself? If the messages were there, then your account was hacked, and the messages will stop. But if this was just a trivial use of your address in the From field, then they won’t as they are not originating from the Hotmail account.
If you have a copy of one of the spam emails you could also check the headers to see the actual path the email took. These are harder to forge, and would indicate if the mail did originate with Hotmail or not.
If this was true, one would expect that there would be OS X malware in proportion to Mac market share - some 7% of Windows, meaning that there would be tens of thousands of different “viri” on OS X. This is simply not the case. This list puts the known OS X malware at around 120.
Trojan Horses and Social Engineering exploits are always a concern on any platform, but the fact of the matter is that OS X is far less vulnerable to attack than Windows. Whether that is a result of any inherent security advantage of the OS is irrelevant.
ahem
The malware you describe is not a virus, but rather, a trojan. The defining characteristic of a virus is that it needs no user intervention to make its way onto your system. A trojan, on the other hand, masquerades as a benign program, and requires the user to take some step to install or activate it: entering a password or clicking an ‘I agree’ dialogue box.
It is more difficult to infect an OS X machine with a virus than it is to infect older Windows machines. I believe that Windows XP and earlier ran user processes as root or administrator, so any malware with user permissions could have its way with the machine. All machines are susceptible to trojans, though, because they require user action. Mac OS X machines, and, I believe, newer Windows machines, do not run user applications and processes as root, so trojans on these machines do less damage.
bullshit. malware is done for money. malware needs to spread to make money. Windows is the dominant platform by far, so it makes sense to target it to make sure malware spreads. acting like installed base is a straight predictor of malware targets is intellectually lazy.
more bullshit. vulnerability is independent of the rate of attacks. OS X can be full of holes (and given its reliance on BSD and GNU software, further given Apple’s laziness in issuing patches to vulnerabilities in said BSD and GNU software, not to mention Apple’s slovenly attitude towards security updates to its own software) but if no one sees any benefit to exploiting those holes, then it won’t get cracked.
Put it this way. Windows is like having an apartment in the ghetto. You’ve got bars on the doors and windows, guns trained on any entry points. you sleep with a 12-gauge by the bed. You’ve bolted shit down as best you can, but people are constantly trying to kick your door in.
meanwhile, OS X is like having a house out in the country. you leave your doors unlocked as a matter of course. nothing happens since your next door neighbor is a mile away and you might go days without seeing another soul.
I don’t think there’s anything about OS X that makes a virus unlikely. Be that as it may there STILL AREN’T ANY, after all this time. When you hear hoofbeats where there have as of yet been no horses, consider zebras. However possible a Mac virus may be, you’re not likely to be the first person to get the first virus. It would make the news at the various MacOS-centric web sites.
Yeah, despite the ads you aren’t immune. Virus writers just don’t think you are numerous enough to be worth the added programming time. Enjoy that they believe you to be just not worth the trouble.
Mac OS is Linux made pretty (much like Windows is DOS made pretty… or used to be… DOS prompts are essentially emulated now). All OSs are vulnerable to viruses, worms, and other miscellaneous malware (if that weren’t the case, Stuxnet wouldn’t have hosed Iran’s nuke plant). Throw something like ClamAV on there (there are a bunch of solutions out there) but don’t be fooled into thinking that AV is a cure-all.
Computers are like meat - if something smells funny, it’s best to trash it and start over (referring to software, not hardware). Rebuild the OS, scan the heck out of all backed up data, and (this is pushing the limits of convenience) consider killing the Yahoo/Hotmail accounts and starting new ones.
Mac OS9 had at least one or two genuine viruses. The issue can get convoluted in that many security tests, articles and etc have found serious fault with Mac OSX security and found that it has many proven vulnerabilities. These vulnerabilities have indeed been exploited in the wild by Trojans, various other MalWare like keyloggers and etc. But not by any known virus, most people would use the the term virus to describe a worm or Trojan or keylogger but in the IT security field they use more precise terminology.
Mac OSX has serious vulnerabilities that are exploited by malware in the real world. The reason general malware is not a significant problem on OSX is because of its lower market share which makes it a less attractive target. However the reason there are no true viruses is probably because the nature of OSX makes it particularly difficult for a self replicating malicious program to propagate from computer to computer, so this is an area where OSX is technically superior to Windows.
It is just as easy to make a virus for mac as it is for windows. 99% of the time, viruses have nothing to do with how secure the operating system is, but rather (as in in your particular case) just tricking the user to click a link to either download something or else enter a name/password.