Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 6 subscribers
  • Views 1147 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recurring Mal/Phish-A Threat ...

KellyM

MBP, OSX 10.7.2, Sophos 7.3.7C. I got a Mal/Phish-A warning in December and Clean the Threat. But it keeps popping up randomly every 8-12 days in the same place, Account.html in an Espionage mount. Clear the Threat always works but it has popped up five times now. A handful of friends report spam with urls from me within minutes of Sophos detection and cleaning.

I use Mail 5.1 and Mac Outlook 2011 14.0.1 99% of the time but I have had to login to AT&T/Yahoo web mail a couple times recently. I have zero contacts in my webmail other than sent/receive emails. I hate webmail.

Could this reccurence be an Espionage or Time Machine ghost? Sophos always reports the same file and path which is backed up via Time Machine. I cannot find Account.html in Finder.

Sophos describes Mal/Phish-A as a Windows threat and I cannot find any other mention of it here. Why it is popping up on my Mac?

Is webmail as evil as I want it to be?

Thanks!

:1005207


This thread was automatically locked due to age.
  • 0

    It makes sense for your friends to be receiving spam at the same time as you get the detection, because this detection is due to you receiving (likely) the same spam.  Your address is likely being forged as the From: sender.

    However, I have also been dealing with a webmail spam case where the webmail has been compromised and the attacker has added themselves as a secondary authority for the account -- meaning that even if you change your password, they can still mess with your account and send spam.  You may want to check ALL your webmail settings to ensure they are configured correctly.  Also examine the settings for any other online account you have that shared the same password as your webmail account, and change those passwords to be unique.

    It doesn't really matter if you have no contacts in your address book, as they generally get their contact list from other sources.

    Mal/Phish-A is listed as a Windows threat solely because this is the default category.  Phishes are universal, as they depend on the computer user to take action (click a link, go to a website, enter information).

    :1005211