[X4U] Trojan horse on the Mac?

Nick Scalise nickscalise at cox.net
Fri Oct 20 08:34:28 PDT 2006


---- Bob Aldridge <aldridgebob63 at comcast.net> wrote: 
> Cable company gave the e-mail of the offending PC's and Mac.
> 
> I doubt the cable company too, but I need to prove them wrong on this and
> prove to the staff Macs are safe as I professed.
> 
> Doing a little checking around I found ClamXav. I'll give it a shot.
> 
> Thanks,
> 
> --Bob
> 
> 
> On 10/19/06 9:57 PM, "Nick Scalise" <nickscalise at cox.net> wrote:
> 
> > On Oct 19, 2006, at 9:48 PM, Bob Aldridge wrote:
> > 
> >> This question deals with a Trojan horse on the Mac and anti-virus
> >> software.
> >> 
> >> I have a situation I'm at a loss to understand and could use some
> >> help from someone who may have encountered it before.
> >> 
> >> I have installed some Mac's at my church's office. They have both
> >> Mac's and PC's for now. The local cable company that supplies the
> >> internet access stopped the outgoing mail because they said four of
> >> the machines (3 PC's and 1 Mac) were infected with something that
> >> is sending out msg's. They named the offending PC's by e-mail,
> >> including the Mac. Only one of the PC's is the big problem,
> >> apparently sending out a msg every 3 seconds, and the other two
> >> PC's and one Mac were only sending a few msg's.
> >> 
> >> Sounds like a Trojan horse installed itself on the PC's and is
> >> causing the big problem. Norton Anti-virus was up to date and did
> >> not catch it. I'll figure out how to clean the PC but I've never
> >> heard of a Mac getting the same thing that infected a PC. And what
> >> do I run to clean the Mac? I didn't buy any Mac anti-virus because
> >> I didn't think Mac's would get Trojan horse's.
> >> 
> >> My questions are: Is the cable company correct? Did the same Trojan
> >> horse infect the Mac & the PC's? And if so, how do I clean the Mac
> >> of the Trojan horse.
> >> 
> >> If you have a suggestion to how to clean the PC I'll take it too.
> >> Norton Anti-virus did not detect it.
> > 
> > My first question for the cable company is how they know which
> > computers are sending which messages.
> > 
> > I generally avoid Norton, it seems to cause more problems than it
> > solves.
> > 
> > There are 3-4 apps that I use to keep a PC safe from viruses,
> > malware, etc. All free, of course:
> > 
> > > AdAware - <http://www.lavasoftusa.com/software/adaware/>
> > > SpyBot - <http://www.safer-networking.org/en/spybotsd/index.html>
> > > AVG Anti-Virus - <http://www.grisoft.com/doc/products-avg-anti-virus-free-edition/lng/us/tpl/tpl01>
> > > Zone Alarm - <http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?dc=12bms&ctry=&lang=en>
> > 
> > I don't have any prophylactic apps on my Mac. I seriously doubt that
> > your mac is truly sending out emails without your knowledge.

Unless the cable company sent you the full emails with the headers intact, they are useless.

Emails that travel through legitimate email servers have bits of information from each server. Usually where the server got the email from (IP), what time it received it, etc. If you are reading email through a webmail interface, you may not be able to view this information.

Headers will almost always tell you exactly where an email came from. (Spammers are very good at hiding this stuff, virus writers are not).
--
Nick Scalise
nickscalise at cox.net
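
Added example, not part of the original post: a way to read the per-server header information described above, by walking a message's Received lines oldest-first to see which IP handed it to the first mail server. The sample message, its hostnames and its addresses are constructed for illustration, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation addresses only), not from the thread.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Fri, 20 Oct 2006 08:30:05 -0700
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Fri, 20 Oct 2006 08:30:02 -0700
Received: from office-pc (unknown [192.0.2.44])
\tby relay.isp.example with SMTP id C3; Fri, 20 Oct 2006 08:30:00 -0700
From: someone@example.org
To: recipient@example.org
Subject: constructed test

body
"""

# "from <helo> (<rdns> [<ip>]) ... by <server>" as written by common MTAs.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\s]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def received_chain(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # formats vary between servers; skip what we cannot parse
        stamp = value.rsplit(";", 1)[-1].strip()  # timestamp follows the last ';'
        hops.append({"helo": m["helo"], "ip": m["ip"], "by": m["by"],
                     "time": parsedate_to_datetime(stamp)})
    return hops

def origin_ip(raw):
    """IP that handed the message to the first server in the chain."""
    hops = received_chain(raw)
    return hops[0]["ip"] if hops else None

if __name__ == "__main__":
    for h in received_chain(SAMPLE):
        print(h["time"].isoformat(), h["ip"], "->", h["by"])
```

Only the Received lines added by servers you trust are reliable; lines below the first trusted hop are supplied by the sender and can be forged.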


