Lion, iCloud hijacked, network poisoned, nightmare

Hello all! I have had a crazy past few days... Here are my symptoms and devices in the order they became problematic. FYI, I run Lion on the MacBooks and everything is always up to date. I manually check things every day.

iPhone 4S: 1pm Wed afternoon, I get a text from a friend saying "I think you've been spammed". He forwards me an email from my own me.com email address that I did not send, which has a web link to click some spam. Immediately after, I check my sent mail using my normal everyday-use MacBook Air's Mail app. The Sent folder shows ten emails sent over a one-minute period from my me.com address. My passwords are crazy secure, I don't file share, I don't visit pornographic sites or download any software, and I am a very responsible home administrator. I have no idea how this happened. I completely nuked my phone and restored to factory, thinking maybe some software I bought on the iPhone was doing this. I didn't need any data off it, so I just went fresh. I went to the "forgot Apple password" page on my MacBook Air and changed my password, like I do every first of the month. I relaxed for the evening, and when I woke, I opened my MacBook Air and Mail wants me to edit my iCloud mail password because it's telling me the password is incorrect. So that tells me that somebody else is resetting my password. I then turn off my Wi-Fi on the MBA and check launchd, only to find some crap that I never enabled, wrote, or installed. When a volume mounts, sync it with some script in my usr/bin. Sync my address book and contacts with something else. Ok, so I disable them and delete them. Bam, they're immediately back and set to do another random sync on another part of my system. So then I was freaking out. Ok, I have backups, recover Lion time. Wife turns on the PS3 to watch some Netflix and the PS3 can't connect to the network. Ok, factory reset router. Wait forever, PS3 still can't connect. Close my MacBook and my wife's MacBook and immediately my PS3 connects to the PlayStation Network. Hmm. This sucks, I think to myself. Big time. So back to inspecting...

MacBook Air: I found two MobileMe login IDs under the Users section of my System Preferences panel. That's when I felt a little sick from worry. I then checked my wife's MacBook and saw her Users section had some Bonjour-looking copy of my login ID from my MacBook. Wow. So I close her lid, hold down my power button, and restart with Option and go into the recovery GUI. Cool. I'll just reset my Apple password and all my security info using my fresh iPhone on AT&T's network. Second time, but this time there's no way my iPhone is compromised. So that worked. Then back to the MacBook Air... Clicked Restore Lion (I think that's what it said), went on my fresh Wi-Fi, Lion installer wants my Apple ID and password, fine, so that gets going to download and install. Three hours later, no progress. Now I'm really starting to be angered over this. Tried holding C to boot into my Snow Leopard DVD, and got a spinning ring forever again. So now I'm thinking my recovery partition has also been compromised. How could this happen? I feel like I've been obsessively cautious and secure. So I then booted with C into my factory CD for Leopard! Yes, Leopard. And ran that boot installer... Success!!! Logged in on my MacBook Air, now running Leopard. Checked some places of vulnerability and all was superb! Cleared myself to get on the fresh Wi-Fi now and do Software Update through Leopard. Looking good so far.

Right now, I am updating Leopard. I want to then go to Snow Leopard again, then maybe Lion. I'm very afraid to go through that again. I haven't lost any data, but for others this could be extremely devastating. I'm asking here if anybody knows what this is or what could have happened. I'm also warning everybody to check their ~/Library/LaunchAgents directory for oddities. Also check your Users preference pane for anything unusual.
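The post above closes by telling readers to look through ~/Library/LaunchAgents for oddities. The script below is an added example, not code from the original poster or from Sophos: it parses every launchd property list in a directory with the standard-library plistlib module and flags the persistence traits the poster describes (a job that fires whenever a volume mounts, a job that is just a shell interpreter wrapped around a script, an executable sitting in a user-writable location, a job that keeps relaunching itself). The two sample plists it writes into a temporary directory are constructed for the demonstration; the labels, paths and the "volsync.sh" script name are fictional and do not refer to any real software.

```python
"""Triage a LaunchAgents directory: parse each .plist and flag launchd persistence traits."""
import os
import plistlib
import tempfile

# Interpreters that turn a launchd job into a thin wrapper around a script.
SCRIPT_INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "perl", "ruby", "osascript"}
# Executable locations a user LaunchAgent normally has no business pointing into.
SUSPECT_PREFIXES = ("/tmp/", "/var/tmp/", "/private/tmp/", "/Users/Shared/")


def triage_plist(path):
    """Return a list of human-readable findings for one launchd job file (empty = nothing flagged)."""
    with open(path, "rb") as fh:
        job = plistlib.load(fh)
    findings = []

    # launchd accepts either ProgramArguments (argv list) or a bare Program path.
    argv = job.get("ProgramArguments") or ([job["Program"]] if "Program" in job else [])
    exe = argv[0] if argv else ""
    if not exe:
        findings.append("no Program/ProgramArguments (malformed job)")

    if os.path.basename(exe) in SCRIPT_INTERPRETERS:
        findings.append("runs a script via %s: %s" % (os.path.basename(exe), " ".join(argv[1:])))

    home = os.path.expanduser("~")
    if exe.startswith(SUSPECT_PREFIXES) or (home != "/" and exe.startswith(home + "/")):
        findings.append("executable in user-writable location: %s" % exe)

    # Trigger keys: these decide *when* launchd fires the job.
    if job.get("StartOnMount"):
        findings.append("StartOnMount: fires every time a volume is mounted")
    if job.get("WatchPaths") or job.get("QueueDirectories"):
        findings.append("triggered by filesystem changes (WatchPaths/QueueDirectories)")
    if job.get("StartInterval"):
        findings.append("StartInterval: re-runs every %s seconds" % job["StartInterval"])
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive: relaunched whenever it exits")
    return findings


def triage_dir(directory):
    """Map each .plist file name in directory to its findings list."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".plist"):
            report[name] = triage_plist(os.path.join(directory, name))
    return report


def demo_dir():
    """Write two constructed sample jobs to a temp dir and return its path (fictional labels/paths)."""
    directory = tempfile.mkdtemp(prefix="launchagents-demo-")
    benign = {  # a vendor updater living inside its own app bundle
        "Label": "com.example.vendorupdater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True,
    }
    suspicious = {  # shell wrapper around a script, fired on every volume mount
        "Label": "com.volumesync.agent",
        "ProgramArguments": ["/bin/sh", "/usr/bin/volsync.sh"],
        "StartOnMount": True,
    }
    for job in (benign, suspicious):
        with open(os.path.join(directory, job["Label"] + ".plist"), "wb") as fh:
            plistlib.dump(job, fh)
    return directory


if __name__ == "__main__":
    # Point this at ~/Library/LaunchAgents on a real Mac; the demo dir is used here so it runs anywhere.
    for name, findings in triage_dir(demo_dir()).items():
        print(name, "->", findings or "nothing flagged")
```

On a real machine, run it against os.path.expanduser("~/Library/LaunchAgents") and also /Library/LaunchAgents and /Library/LaunchDaemons; a flagged job is a lead to investigate (read the script it points at, check the file's owner and timestamps), not proof of compromise, and a job that re-creates itself after deletion, as in the post, means something else still running is writing it back.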