Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Outlook problems with Macbook OS X 10.9.2


  • Please log in to reply
7 replies to this topic

#1 wcrsmiles

wcrsmiles

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 27 April 2014 - 07:15 PM

My outlook is sending out spam. I received an email to myself from my email address containing a spam email today, it is not in my sent folder. . I have a MacBook using OX S 10.9.2. I have reset my outlook password every day because this has happened for over a month. I have deleted all my history, and cookies. It happened again today. I am out of ideas.

Please don't tell me to change my password! I did it on Friday and I received the spam email on Sunday. Since I have a MacBook I'm not sure if there is a virus, Malware, or Spybot checker. I'm out of ideas here and Outlook does not provide technical support for this issue.



BC AdBot (Login to Remove)

 


#2 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 PM

Posted 27 April 2014 - 07:58 PM

My outlook is sending out spam. I received an email to myself from my email address containing a spam email today, it is not in my sent folder. . I have a MacBook using OX S 10.9.2. I have reset my outlook password every day because this has happened for over a month. I have deleted all my history, and cookies. It happened again today. I am out of ideas.
 
Please don't tell me to change my password! I did it on Friday and I received the spam email on Sunday. Since I have a MacBook I'm not sure if there is a virus, Malware, or Spybot checker. I'm out of ideas here and Outlook does not provide technical support for this issue.


It is probably not actually coming from your computer/email account. It is rather easy to spoof the "from" address of an email message (i.e. make it look like it is coming from an account that it is not actually come from). More than likely that is what is happening here.

You can try displaying the full header of the email message. Right click on the message whose header you want to view and select View Source from the pop-up menu. This will open another window with the message displayed with full headers. From there you can look at the message "path" through servers and/or the message ID. Try the message ID first. It will be about midway through the header. While it can be spoofed as well (if memory serves), it is harder. If that does not help, then try looking through the message "path" through servers. The path goes in reverse order…i.e. servers "closer" to you will be at the top, while the originating server should be the last item. Again, it can be spoofed (if memory serves), it takes more work that just spoofing the from email address. More than like either of those will show that the message likely did not originate from you. If it did originate from your email account, then the message ID and the originating server should show the domain name of your email service (i.e. if you are using Gmail, then gmail.com should show up as part of the message ID).

#3 wcrsmiles

wcrsmiles
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 28 April 2014 - 12:50 AM

Here is what I get when I look at the source. I do not know what to do now to stop it.
 
x-store-info:4r51+eLowCe79NzwdU2kR0zqpsRfiBoyBAvwfFOB/SHgMLy5PukxyHWsBlkKdbAZVrcEa3diyGc7uEyLNNME79gv8vxvnyfmuVXyBY+w1LQYJgyWguON28/w5odJWYaEgZfanDJLb7DHkzNofCjMhA==
Authentication-Results: hotmail.com; spf=pass (sender IP is 46.29.160.29; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=<removed email>@sexaz.org; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=hotmail.com; x-hmca=none header.id=<removed email>@hotmail.com
X-SID-PRA: <removed email>@hotmail.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTlOnDqzKqWvmn0SM2/IS0vC7mmlZsX182AUX8Vo4IOea38o+Shu9up2Pwem2EOmRwTMvFMgvhtwloqakFTRB5O9fv6ZsTUMKPWFZEGQaj5F7Oy4OceREA6Z35whjGZQO0pYKOtrfVexrBhbayROiQnCXaISth18FdBvvLLdJKjnlt9z5BftjqSPdGjYF4OaVE1vPh4lkTWG4SJSQLinWZS2
Received: from ns1.hostbaku.net ([46.29.160.29]) by COL0-MC4-F6.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
     Sat, 26 Apr 2014 14:02:45 -0700
Received: from apache by ns1.hostbaku.net with local (Exim 4.76)
    (envelope-from <removed email>@sexaz.org>)
    id 1We9kC-0004LJ-9l
    for <removed email>@hotmail.com; Sun, 27 Apr 2014 02:02:44 +0500
To: <removed email>@hotmail.com
Subject: Bank Draft Of $5,5, Million Dollars Left For You
X-PHP-Script: sexaz.org/ero/index.php for 41.71.189.36, 41.71.189.36
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: <removed email>@hotmail.com
>
Message-Id: <E1We9kC-0004LJ-9l@ns1.hostbaku.net>
Date: Sun, 27 Apr 2014 02:02:44 +0500
Return-Path: <removed email>@sexaz.org
X-OriginalArrivalTime: 26 Apr 2014 21:02:46.0247 (UTC) FILETIME=[DFA7CF70:01CF6192]

#4 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 PM

Posted 28 April 2014 - 02:03 AM

sender IP is 46.29.160.29

Received: from ns1.hostbaku.net ([46.29.160.29]) by COL0-MC4-F6.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
     Sat, 26 Apr 2014 14:02:45 -0700
Received: from apache by ns1.hostbaku.net with local (Exim 4.76)
    (envelope-from <sexaz@sexaz.org>)

Message-Id: <E1We9kC-0004LJ-9l@ns1.hostbaku.net>



The above three things suggests where the email originated. The two domains and one IP address are all link to sites/accounts in Russia. So, unless you are in Russia, then it is likely spoofed.

Assuming it is spoofed, then there is really nothing you can do…other than make use of a spam filter. There is basically nothing you can do to stop someone from spoofing your email address, whether they send it to your or someone else.

I suppose there is still a chance that it is some sort of malware, but I rather doubt it. If you want to check, then you could install some anti-virus/malware and scan your computer. There are a number of options for the Mac. I personally use VirusBarrier from Intego. A free option is ClamXAV: http://www.clamxav.com. Most of the major anti-virus makers tend to make a Mac version as well.

BTW, you should not post your email address on a forum such as this. I suggest you edit your post (if you can) to remove the first part of your email address (i.e. the part before @hotmail.com). I have also reported it to the Moderators to possibly edit if you cannot edit it.

Edited by smax013, 28 April 2014 - 02:06 AM.


#5 wcrsmiles

wcrsmiles
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 28 April 2014 - 03:36 PM

The problem is that somehow this spoof email is able to get all my contacts and send spam email to everyone. I don't know how to stop that. I just received more spam email today from myself as did several people from my email contact list.



#6 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 PM

Posted 28 April 2014 - 11:21 PM

The problem is that somehow this spoof email is able to get all my contacts and send spam email to everyone. I don't know how to stop that. I just received more spam email today from myself as did several people from my email contact list.


This new information might change things a bit.

It is still possible that the spam messages are still just spoofed messages, but the fact that people from your contact list are getting messages make it likely that there is an infection involved somewhere (while it still could be on your Mac, there reality it that it is more likely on a Windows computer…just more malware out there for Windows than for Macs)…or maybe that your Hotmail/MSN account got hacked (I believe that Hotmail/MSN has had this type of problem in the past).

For these several other people that got spam messages that appeared to come from you, would any of them likely have everyone who got a spam message in their email contact lists? The reason to ask this question is to try to determine where the compromised email contact list might have been…on your computer or on someone else's computer who had you in their contact list. At this point, you are certainly on that list, but so could someone else who got those messages. In other words, while it could be an infection on your computer, it could actually be an infection on one of your friend's computer that then resulted in spam messages to you and other using your spoofed email address as the sender since your email address would have been in the friend's email contact list. This is a rather common tactic of certain kinds of malware infections (i.e. use an email list found in the contact list of the infected computer…not email address of the owner of the infected computer).

The other overall question to ask is do you ONLY use the MS Outlook email client on your Mac to access your Hotmail account? Or do you sometimes use a web browser to access your email account? Also, does your contact list sync in any way to your Hotmail account or did you "upload it" to your Hotmail account? This is to try to determine if it is possible that your Hotmail account was hacked. Even if it was hacked, then you likely did all you needed to do by changing your password. It is possible that even if they no longer have access to your email account, if they got your contact list from the account, then they can spam those addresses with spoofed messages.

To be honest, at this point, my bet is that someone you know might have been infected. The fact that only SOME of the people on your contact list got spam messages suggests that you are not infected. If you were infected, then it would be more likely that all or a high percentage of the people on your contact list would get spammed…although I suppose it is possible that an infection could be "sneaky" by only spamming some.

Again, if you want to check for infections, then get an anti-virus program, install it, and run a scan.

#7 wcrsmiles

wcrsmiles
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 29 April 2014 - 03:02 AM

Today I received an email that stated I had sent out an email that was undeliverable. These spoof emails went to email addresses that are in my contacts, but haven't been used in years. I have pasted the email I received below. 

I ran clamx to check for viruses, but came up with 0 viruses found. I use safari to access hotmail/outlook. I do not use my MAC email tool. I only have a mac and an iphone to read email. I have never used a PC. 

 

 

From:  Mail Delivery System (MAILER-DAEMON@sv02.a-wave.net) Your junk email filter is set to exclusive. Sent: Mon 4/28/14 8:18 PM Sent: Mon 4/28/14 8:18 PM To: myemailaddress@hotmail.com

This is the mail system at host sv02.a-wave.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<myfriendsemail@aol.com>: delivery temporarily suspended: host
mailin-01.mx.aol.com[205.188.159.42] refused to talk to me: 421 4.7.1 :
(DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html


--Forwarded Message Attachment--
From: myemailaddress@hotmail.com
To: myfriendsemail@aol.com
Subject: [SPAM] Wendy
Date: Thu, 24 Apr 2014 01:02:13 +0100

http://pinecaskpani.com/vezr/crpmsmfedsxvn.pbvuhiunca



#8 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 PM

Posted 01 May 2014 - 02:29 PM

Again, the odds of you being infected with anything are practically non-existant. To my knowledge, there is no know Mac malware that will infect a Mac and then send spam (or otherwise) email from that infected system. There are, however, examples of such malware for Windows computers.

The email messages being sent to you and being sent to people on your contact list as well as any messages notifying of you undelivered messages from you (aka "bounce messages") are almost 100% likely due to some spammer out there in the world spoofing you email address. Assuming that is the case (and I virtually 100% sure that it is), then there is nothing you can realistically do short of changing your email address to something else. The following article gives another option (see the section on spoofingtowards the end of article), but frankly it is likely a waste of your time:

http://www.intego.com/mac-security-blog/what-to-do-if-your-email-account-gets-hijacked-and-sends-out-spam/

To support my belief, I give you a couple similar discussions on other "Mac specific" forums:

https://discussions.apple.com/message/24484767#24484767

http://forums.macrumors.com/showthread.php?t=1637892

The only real thing in question (in my mind) is how the spammer got email addresses from your contact list. It is possible that it is just coincidence that some of the people on your contact list are getting spam messages spoofed with your email address, but I find that to be a little bit of stretch. Assuming that it is no coincidence, then the more likely scenarios are as I outlined beforeeither your Hotmail account was hacked and they got your contact list when they hacked it OR someone on your contact list who also had you in their contact list along with the other people who got spammed with messages spoofing your email address and who using a Windows machine got infected with malware that is sending out the messages. For the former, you already did what you needed to dochange the password. For the later, there would be nothing for you to do other than suggest your friends check their machines for malware.

So at this point, there is not really anything more that I can do to help you that I can see. If I am wrong, then someone else will likely correct mebut I doubt that will happen.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users