"support@mac.com" email virus?

S

Swrdfshtrombone

Registered
Anybody with a .Mac account receive an email supposedly from "support@mac.com" claiming people have been complaining about spam from their .Mac email account? I just did and it instructed me to download a password protected zip file (which I stupidly did). Upon unstuffing, an .exe file shows up. I didn't click on it; I just threw it away. I checked the long headers in the email and saw that the return path from the sender was actually a netscape email account.

Did anybody else get this? Am I safe since I didn't open the .exe file? Or am I infected?

Please advise!
 
Ok, a few points here.
- This is certainly a suspicious email on so many levels. Apple never email out files, patches or installers (unless you specifically request it for some reason) and all security updates are distributed via software update.
- Instructions from Apple are usually in the form of "Security update ... is now available via software update. Use software update to install it...."
- Apple almost never uses ZIP or EXE files. EXE files will not run on the Mac platform except inside a Virtual-PC emulated environment. Thus, even if this is a virus it cannot affect your Mac. Opening the file on a Windows PC though is another matter.
- There are no known viruses that affect Mac OS X.
- Do NOT respond to the email. To do so may confirm your address with the spammer.
 
Yeah, I figured it was suspicious b/c of the ZIP and EXE files. But the message was misleading. The ZIP file was stored in a folder, so I couldn't see it was a ZIP until I unstuffed it.

I know it's a bogus email. I just wanna know if my computer is OK. I ran Virex and all looked OK, but still. Can I get infected just by unzipping a file?
 
No. An EXE file will not run on a Mac. Essentially, a Mac cannot be infected with a PC virus (with the possible exception of Microsoft Office Macro viruses).
 
symphonix said:
No. An EXE file will not run on a Mac. Essentially, a Mac cannot be infected with a PC virus (with the possible exception of Microsoft Office Macro viruses).
Click to expand...

Sweet! That's good to know.

But I guess that begs the question: why even send this mailer out to .mac subscribers if it won't affect a Mac? Who would go through the trouble of faking a "support@mac.com" email address and feigning tech support? What would the purpose be?
 
I was using my .mac account on pc as well. And I think there is not much effort they put in adding some more domains such as mac.com... Those tools are completely automated
 
I would have been ROFl at that one. There is no .mac support at all. Just try and get someone to help with email not responding every day between 11:00 and 12:00 est, or why the .mac home page won't show up, or "where are the discussions?".

Heh... .mac support.

Funny.

But seriously, never open an atachment you did not expect or do not know what it is. My thing is if someone wanted me to look at something, they can email or call me later and ask if I got it. Then I can tell them to resend.

As mentioned earlier, MAC OS does not run .exe's, or .pif's, or .bat's or any other Winblows extension. Your Mac is fine and not infected. Just delete that sucker and laugh out loud at those PC users who have to endure this crap.

And say out loud... "THANKS BILL!!!"

Mike
 
Yeah a couple of my more useless (more senior, higher paid, less clue) users have opened this, unzipped it, put the password in and run it already.
On their PCs. I've cleaned their machine's registry and they're ok now - but forgod's sake! "It looked official" - it looked like a hotmail email to me, regardless of the 'support@domain name' apparently used.
Its W32.Beagle.J@MM if anyone's interested.

I couldnt care less, I only use my PC for the (cheap, limited, unstable) helpdesk software now....
 
Our work just recieved an email just like it... this email spammer sends from a spoofed email address.. it basicly looks at the domain that it's sending it to, then writes an email in accordance... such as "The mmmfg.com email team is working on new settings for your email, please take a look at the attached file that is password protected (it's 4858), follow any instructions, this will be a great help to our process. Thanks - The mmmfg.com Team!"

The whole reason for the password protection on the email is so that virus scanners cannot look in the file, and just skips it. Us mac users are totally protected of this, for its an Windows Executable.

BTW: I work for M&M Manfacturing Co, in dallas.

Quite a clever email, would fool almost anyone. =)

Stay safe!

Swrdfshtrombone said:
Anybody with a .Mac account receive an email supposedly from "support@mac.com" claiming people have been complaining about spam from their .Mac email account? I just did and it instructed me to download a password protected zip file (which I stupidly did). Upon unstuffing, an .exe file shows up. I didn't click on it; I just threw it away. I checked the long headers in the email and saw that the return path from the sender was actually a netscape email account.

Did anybody else get this? Am I safe since I didn't open the .exe file? Or am I infected?

Please advise!
Click to expand...
 
It looks like whoever originated this doesn't speak English as a first language - the message I got was:

Dear user of Telus.net,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

Please, read the attach for further details.

Have a good day,
The Telus.net team http://www.telus.net
Click to expand...
 
I received essentially the same email supposedly from "management" or some other fictitious sender on all three of my email accounts from three different providers all at the same time.
 
Mine was as follows:

Hello user of Mac.com e-mail server,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For details see the attached file.

Attached file protected with the password for security reasons. Password is 35646.

Kind regards,
The Mac.com Team

http://www.mac.com
 
My father got it and freaked. He uses it for his business and was pissed that problems might exist with his account. I had already read this post and knew he had received this fake. So many non-computer people are clueless. That's why these virii are so successful at spreading.
 
What is a bit worrying is that someone is trying to specifically target Mac users - which, I would say, is a new - and concerning - development.

Let's hope they don't get lucky.

But, in the meantime, no-one should be at all complacent about using a Mac. Never open anything which looks suspicious - and you can usually tell - and never ever open attachments (of any kind) that you're not expecting. Trash 'em!
 
What is a bit worrying is that someone is trying to specifically target Mac users - which, I would say, is a new - and concerning - development.
Click to expand...
I don't think so!

I have gotten the same email supposedly from Verizon.net and several times from our small church email account. All that means is the virus is smart enough to extract the domain name from your email address and use it in the spoof. Some poor shnook on a PC has your .mac address in their Outlook/Outlook Express/Entourage address book and their computer is infected with the Bagle virus. Bagle is one of the viruses that is spreading very rapidly this week. According to one leading antivirus site there were three variants of the Bagle virus released on Monday alone and more are coming every day. ::evil:: :mad:
 
You must log in or register to reply here.
Back
Top