Discussion:
GMail Account Disabled Due to Spam
David Kaye
2014-01-23 06:45:23 UTC
A frantic customer phoned me late this afternoon. Seems she can't get her
mail via gmail on her Mac. Well, I hate trying to navigate Mac mail setups
anyhow, but I gave it a fair shake. Seems I was able to send out email from
her gmail account but not get anything back in. Uh, wrong port? Nope.
Trying to send her a message from one of my Yahoo accounts told me all I
needed to know: her account was disabled.

"By any chance was there spam going out from your account?" "Well, all I
remember is that I opened some email and clicked on something that was
supposed to be a greeting card, but it didn't do anything. And then the
next day people told me that they'd gotten email from me telling them to
click on something. I didn't send out any such thing..."

Yup, gmail disabled her account. So, was there malware on her computer?
It's most likely, given that her password is very convoluted and she uses it
only for that account. If she opened another gmail account would her
computer start spamming again?

So, I looked around for some kind of freebie malware scanner for Mac. Since
I don't support Mac unless dragged kicking and screaming, I have no Mac
tools to speak of.

I went to sophos.com since they're one of the few websites I feel I can
trust that also has Mac software available. Had to download the thing 3
times and install it twice before the Mac would run it. Odd. Anyhow, I
started the scan -- 687,000 files. Huh? Even my most packed XP machine has
only about 150,000 files. What on earth are all those other files about?
Well, she bought me a burrito and she and her husband and I sat down to
dinner while Sophos is running in the other room.

Nothing. Sophos reports nothing on her computer.

So, did the Mac OS disable or eliminate what caused the problem the first
time? Is the malware undetectable by Sophos? Who knows?

In the meanwhile, does anybody have any suggestions for Mac anti-malware
tools that are as good as ComboFix, MBam, MS Security Essentials, etc are
for Windows?
sms
2014-01-23 13:32:04 UTC
On 1/22/2014 10:45 PM, David Kaye wrote:

<snip>
Post by David Kaye
> In the meanwhile, does anybody have any suggestions for Mac anti-malware
> tools that are as good as ComboFix, MBam, MS Security Essentials, etc are
> for Windows?

Probably the Sophos product is the most trustworthy
<http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx>.

"As good?" Unlikely. There's this whole myth of invulnerability that has
hampered development of these tools for Mac because so few people
believe they need the tools. Couple that with the relatively small
market share of OS-X and few companies want to spend any resources on
this problem.

In fact, recent hacking contests have shown that there is a need for
such protection on Macs.
Kevin McMurtrie
2014-01-23 13:44:11 UTC
Post by David Kaye
> A frantic customer phoned me late this afternoon. Seems she can't get her
> mail via gmail on her Mac. Well, I hate trying to navigate Mac mail setups
> anyhow, but I gave it a fair shake. Seems I was able to send out email from
> her gmail account but not get anything back in. Uh, wrong port? Nope.
> Trying to send her a message from one of my Yahoo accounts told me all I
> needed to know: her account was disabled.
>
> "By any chance was there spam going out from your account?" "Well, all I
> remember is that I opened some email and clicked on something that was
> supposed to be a greeting card, but it didn't do anything. And then the
> next day people told me that they'd gotten email from me telling them to
> click on something. I didn't send out any such thing..."
>
> Yup, gmail disabled her account. So, was there malware on her computer?
> It's most likely, given that her password is very convoluted and she uses it
> only for that account. If she opened another gmail account would her
> computer start spamming again?
>
> So, I looked around for some kind of freebie malware scanner for Mac. Since
> I don't support Mac unless dragged kicking and screaming, I have no Mac
> tools to speak of.
>
> I went to sophos.com since they're one of the few websites I feel I can
> trust that also has Mac software available. Had to download the thing 3
> times and install it twice before the Mac would run it. Odd. Anyhow, I
> started the scan -- 687,000 files. Huh? Even my most packed XP machine has
> only about 150,000 files. What on earth are all those other files about?
> Well, she bought me a burrito and she and her husband and I sat down to
> dinner while Sophos is running in the other room.
>
> Nothing. Sophos reports nothing on her computer.
>
> So, did the Mac OS disable or eliminate what caused the problem the first
> time? Is the malware undetectable by Sophos? Who knows?
>
> In the meanwhile, does anybody have any suggestions for Mac anti-malware
> tools that are as good as ComboFix, MBam, MS Security Essentials, etc are
> for Windows?

The attack was likely a web page presenting a simulated Google login
request. You could always grab one of the spams and check out the
payload.

As for the files - When Apple moved from "Classic" to "OSX", they
decided to get rid of structured resource files. The original
implementation had some ties to 68K Pascal and it used file forks. The
crude replacement is a folder of resources that sometimes looks and
behaves like a file. And no, Apple hasn't updated the ancient
filesystem codebase to handle the incredible number of directory
traversals and file caching required to make that simulation work.
They're extremely inefficient to work with.
sms
2014-01-23 14:39:42 UTC
On 1/23/2014 5:44 AM, Kevin McMurtrie wrote:

<snip>
Post by Kevin McMurtrie
> As for the files - When Apple moved from "Classic" to "OSX", they
> decided to get rid of structured resource files. The original
> implementation had some ties to 68K Pascal and it used file forks. The
> crude replacement is a folder of resources that sometimes looks and
> behaves like a file. And no, Apple hasn't updated the ancient
> filesystem codebase to handle the incredible number of directory
> traversals and file caching required to make that simulation work.
> They're extremely inefficient to work with.

They need a total rewrite but that's unlikely to happen given Apple's
concentration on iOS and iOS devices.

What I find amusing is going to embedded developer events and seeing a
lot of Mac hardware--all running Windows 7. Apple may want to consider
offering Windows as an option on their Macs, either as a second OS using
Bootcamp, or as the only OS. They could greatly increase Mac sales if
Windows were available from them, rather than making users install it
themselves.