ipad virus

Let'sgoflying! (Dave Taylor)
well now that I have your attention:

What is happening is that my ipad email account has been spoofed.

An email (about facelifts or something) is going out to friends and the "from" address confirms that it has to be from my ipad.

My laptop has the email set up with a slightly different "from" setting but the same address as in: DTaylor<myemail@sbcglobal.net> vs
Dave T<myemail@sbcglobal.net>

Also confirmatory is that the email went out last night just about the time I had the ipad open for a half hour.

.........Just checked the Sent folder and there is the bogus email in the ipad.

How do I prevent my ipad from sending out these emails?
I can send a screenshot to any techies requesting it.
Thanks
 
An email (about facelifts or something) is going out to friends and the "from" address confirms that it has to be from my ipad.
For what it's worth, the "From:" address on an email doesn't confirm anything. Most email programs allow you to put anything you want in there...certainly, the tools spammers use do. See Wikipedia's article on "email spoofing" for how it works.

.........Just checked the Sent folder and there is the bogus email in the ipad.
This is confirmation that your ipad is actually involved in the process, and not just a 3rd party spoofing your email address. Someone who knows something about ipads will have to help you with that.
 
This is confirmation that your ipad is actually involved in the process, and not just a 3rd party spoofing your email address. Someone who knows something about ipads will have to help you with that.

Not necessarily... his iPad may have just synced content with another corrupted device or server.
 
Not necessarily... his iPad may have just synced content with another corrupted device or server.
That's what I'm thinking. I'm not aware of any iOS problems like this.

DT, are any of the recipients of "your" email spam savvy enough to capture and send all the email headers? That could tell us if the emails were actually sent from your email account (meaning you may have a compromised computer or someone has your email password), or if they just put your info in the "From:" field but sent from somewhere else.

Which version of iOS is on your iPad?
 
Not necessarily... his iPad may have just synced content with another corrupted device or server.
Okay, let me rephrase to clarify my point: "This is confirmation that it's not just a remote 3rd party outside of your control spoofing your email address...some device under your control is sending email, and you should have the power to stop it."
 
DT, are any of the recipients of "your" email spam savvy enough to capture and send all the email headers? That could tell us if the emails were actually sent from your email account (meaning you may have a compromised computer or someone has your email password), or if they just put your info in the "From:" field but sent from somewhere else.

Sure, Rich I can either send you:
a) the returned email (one of the recips was no longer using that address) or
b) the sent mail from the ipad
c) a recipient would be happy to send the post to me, or copy the sent to addresses.
Will check on OS tonight, thanks.
 
Okay, let me rephrase to clarify my point: "This is confirmation that it's not just a remote 3rd party outside of your control spoofing your email address...some device under your control is sending email, and you should have the power to stop it."

That works! :-)
 
Sure, Rich I can either send you:
a) the returned email (one of the recips was no longer using that address) or
b) the sent mail from the ipad
c) a recipient would be happy to send the post to me, or copy the sent to addresses.
Will check on OS tonight, thanks.
Dave, this is what I had in mind:

http://antivirus.about.com/od/windowsbasics/a/emailheaders.htm

http://email.about.com/cs/spamgeneral/a/spam_headers.htm


What is happening is that my ipad email account has been spoofed.

An email (about facelifts or something) is going out to friends and the "from" address confirms that it has to be from my ipad.

My laptop has the email set up with a slightly different "from" setting but the same address as in: DTaylor<myemail@sbcglobal.net> vs
Dave T<myemail@sbcglobal.net>

Also confirmatory is that the email went out last night just about the time I had the ipad open for a half hour.

.........Just checked the Sent folder and there is the bogus email in the ipad.

How do I prevent my ipad from sending out these emails?
I can send a screenshot to any techies requesting it.
Thanks
I'm a little confused by the above. Which name appears to be sending the spam? DTaylor or Dave T? Which name is set on the laptop mail program, and which name is set on the iPad? Do you sync the iPad on this same laptop?

Given what little I know, I'd be inclined to change my email password to something stronger pronto, after a thorough virus cleaning, or from a known virus-free machine (i.e. a Mac :D)
 
OS 5.0.1 (9A405)

NB only about half of the addresses the spam was sent to were on my ipad. One recipient was not on either ipad or laptop. (and I almost never send email from the website)
Does that make the hacking at the server level rather than in-house?
 
See Wikipedia's article on "email spoofing"

huh, so this may not be in my computers at all!

"Amalgamating addresses found in address books, for example:
User1 triggers an email address spoofing worm, and the worm finds the addresses user2@efgh.com, user3@ijkl.com and user4@mnop.com within the users email address book
The worm sends an infected message to user2@efgh.com, but the email appears to have been sent from user3@mnop.com"

This could be really difficult to figure out. Hope that is the end of it.
 
A detailed analysis of the headers to see which mail servers the mail passed through is in order. The headers controlled by the end-points mean very little in e-mail forensics. If the bad-guy has direct access to a server, the first hop is also useless/suspect.
 
A detailed analysis of the headers to see which mail servers the mail passed through is in order. The headers controlled by the end-points mean very little in e-mail forensics. If the bad-guy has direct access to a server, the first hop is also useless/suspect.

pm your email if you want to look at them, I don't think I should post e-addresses here?
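
The header walk the replies above ask for, as an added example that is not part of the thread: each mail server prepends its own "Received:" line, so only the lines written by servers the recipient trusts are reliable, and everything below the first external handoff (including "From:") is whatever the sender chose to write. The message, hostnames, IP addresses and the trusted-server set are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: every host, address and IP here is invented.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Tue, 10 Jan 2012 03:14:09 -0600
Received: from unknown-host.invalid (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Tue, 10 Jan 2012 03:14:07 -0600
Received: from ipad.local (ipad.local [10.0.0.5])
\tby smtp.sbcglobal.example with ESMTP id C3; Tue, 10 Jan 2012 03:13:55 -0600
From: Dave T <myemail@sbcglobal.example>
To: friend@recipient.example
Subject: constructed sample

body
"""

# Assumption: the recipient's own provider runs these two servers.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def analyze(raw, trusted_by):
    """Return the last hop recorded by a trusted server and what lies below it."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):      # top of message = newest hop
        m = HOP.search(value)
        hops.append(m.groupdict() if m else {"helo": None, "ip": None, "by": None})
    verified = []
    for hop in hops:
        if hop["by"] not in trusted_by:            # written by a server we cannot vouch for
            break                                  # this line and all older ones may be forged
        verified.append(hop)
    handoff = verified[-1] if verified else {"helo": None, "ip": None}
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2],
        "handoff_ip": handoff["ip"],               # address the trusted server actually saw
        "handoff_helo": handoff["helo"],           # name the connecting host claimed
        "unverified_hops": len(hops) - len(verified),
    }

if __name__ == "__main__":
    print(analyze(RAW, TRUSTED))
```

In the sample, the oldest "Received:" line names the sender's provider, but it sits below the handoff from 203.0.113.77 and was never recorded by a trusted server, so it carries no more weight than the "From:" line.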
 