Welcome to the MacNN Forums.

zeldaren · Oct 28, 2006, 01:55 PM

Hi!

Just recently, I have noticed that if I send emails regarding a particular subject, certain key words from those emails, wind up in the subject heading of incoming spam. A PC user friend of mine was only too happy to inform me that I had something called a "key logger".

When I first got my Mac a few years ago, I don't think they even made spyware for Macs. I have faithfully purchased anti virus products but I am told this isn't really necessary.

Please advise this Mac dummy on what she needs to do.... Should I buy spyware, an anti key logger?
I am still running Panther. If possible, I really do not want to upgrade to Tiger, just to solve my key logger problem.

Any advice will be greatly appreciated...Zel

Tuoder · Oct 28, 2006, 01:59 PM

Originally Posted by zeldaren

Hi!

Just recently, I have noticed that if I send emails regarding a particular subject, certain key words from those emails, wind up in the subject heading of incoming spam. A PC user friend of mine was only too happy to inform me that I had something called a "key logger".

When I first got my Mac a few years ago, I don't think they even made spyware for Macs. I have faithfully purchased anti virus products but I am told this isn't really necessary.

Please advise this Mac dummy on what she needs to do.... Should I buy spyware, an anti key logger?
I am still running Panther. If possible, I really do not want to upgrade to Tiger, just to solve my key logger problem.

Any advice will be greatly appreciated...Zel

You don't neccesarily have a keylogger on your system. What site do you use for email? Some of them are not exactly "on the level". Also, this isn't a Power Mac related question, so you may have better luck in another forum.

Chuckit · Oct 28, 2006, 02:12 PM

It is highly unlikely, though conceivable, that you have a keylogger. Let's check.

1. What programs what you installed recently?

2. Open the program /Applications/Utilities/Activity Monitor. Set it to show all processes. Copy and paste the process list here.

That said, Macs are not vulnerable to the ways PCs usually get keyloggers. Unless you let suspicious characters use your computer, it's rather unlikely that one would be running on your system. It's more likely that somebody you are sending e-mails to has a virus that is spamming you back.

ghporter · Oct 29, 2006, 10:56 AM

I agree with the above that a "keylogger" is not the most likely cause of your problems. It could be your web mail service, or even your ISP. These are much more likely than actual spyware having somehow gotten onto your machine.

As Chuckit points out, Macs are not vulnerable in the same way that PCs are; it's very hard to slip something past the user on a Mac. However, the baddies are always coming up with new and bad things to inflict on us, so as Chuck says, post the list of your processes here and we'll have a look to help you see what's actually happening.

zeldaren · Oct 29, 2006, 06:31 PM

Here you go...

Again many thanks to those who responded. I never did figure out how to "select all" ...groan, but copied them one by one. I made a truly alarming discover while I was looking: Somehow I have managed to used up over 50 gigs of hard drive! How can that be? I guess I need check on how to get rid of old/redundant files. I do have Disk Warrior. Don't know if it will work for that.

Anyway....Here are my processes...They "seem" pretty harmless....

389 lookupd root 0.00 2 1,004.00 KB 28.08 MB
386 Safari zeldaren 0.00 5 6.73 MB 145.61 M
384 AppleSpell zeldaren 0.00 1 1.79 MB 37.36 MB
383 Database Daemon zeldaren 0.00 2 5.87 MB 138.22 MB
382 Microsoft Word zeldaren 0.00 2 34.36 MB 222.64 MB
380 pmTool root 1.40 1 924.00 KB 28.75 MB
379 Activity Monitor zeldaren 3.50 2 10.83 MB 159.00 MB
374 Mail zeldaren 0.00 7 30.70 MB 187.12 MB
368 automount root 0.00 2 928.00 KB 28.30 MB
365 automount root 0.00 2 940.00 KB 28.30 MB
362 rpc.lockd root 0.00 1 144.00 KB 17.70 MB
353 nfsiod root 0.00 5 156.00 KB 19.65 MB
338 ntpd root 0.00 1 340.00 KB 17.89 MB
320 SymSecondaryLaunch zeldaren 0.00 1 1.21 MB 125.38 MB
319 ScanNotification zeldaren 0.00 1 1.30 MB 125.49 MB
318 DiskMountNotify root 0.00 1 888.00 KB 27.23 MB
317 Norton QuickMenu zeldaren 0.00 1 2.86 MB 135.64 MB
316 iCalAlarmScheduler zeldaren 0.00 1 2.60 MB 130.05 MB
315 iTunes Helper zeldaren 0.00 1 1.86 MB 126.54 MB
313 IIDCAssistant root 0.00 2 1.69 MB 28.90 MB
311 Finder zeldaren 0.00 1 10.55 MB 160.65 MB
310 SystemUIServer zeldaren 0.00 2 5.46 MB 145.02 MB
309 Dock zeldaren 0.00 2 2.68 MB 132.31 MB
304 pbs zeldaren 0.00 2 1.61 MB 45.09 MB
253 DirectoryService root 0.00 2 2.33 MB 30.56 MB
236 NortonMissedTask root 0.00 1 600.00 KB 26.77 MB
232 crashreporterd root 0.00 1 140.00 KB 26.69 MB
230 NortonAutoProtec root 0.00 7 19.13 MB 55.93 MB
227 cupsd root 0.00 1 5.43 MB 32.41 MB
203 loginwindow zeldaren 0.00 5 5.57 MB 120.27 MB
187 ATSServer zeldaren 0.00 2 4.96 MB 94.58 MB
178 pppd root 0.00 1 968.00 KB 27.91 MB
176 ioupsd root 0.00 1 396.00 KB 26.70 MB
174 WindowServerzeldaren 1.50 2 26.89 MB 190.54 MB
169 mDNSResponder nobody 0.00 2 836.00 KB 27.32 MB
167 SecurityServer root 0.00 1 1.18 MB 28.22 MB
156 KernelEventAgent root 0.00 1 132.00 KB 26.70 MB
153 distnoted root 0.00 1 700.00 KB 27.10 MB
147 cron root 0.00 1 188.00 KB 26.96 MB
145 coreservicesd root 0.00 1 10.21 MB 38.50 MB
123 dynamic_pager root 0.00 1 124.00 KB 17.66 MB
119 update root 0.00 1 116.00 KB 17.63 MB
117 netinfod root 0.00 1 344.00 KB 26.84 MB
92 notifyd root 0.00 2 264.00 KB 18.24 MB
87 diskarbitrationd root 0.00 1 976.00 KB 27.23 MB
86 configd root 0.00 3 1.88 MB 30.41 MB
84 kextd root 0.00 2 1.95 MB 28.44 MB
78 syslogd root 0.00 1 212.00 KB 17.67 MB
2 mach_init root 0.00 2 212.00 KB 18.17 MB
1 init root 0.00 1 308.00 KB 17.65 MB
0 kernel_task root 0.50 38 62.73 MB 825.16 MB

Mister Elf · Oct 29, 2006, 06:52 PM

It's Norton.

brokenjago · Oct 29, 2006, 10:43 PM

Yes, get rid of Norton, it's useless. There are 0 (zero) virsues for the Mac, and if you *really want virus protection, get the free ClamXAV.

Gossamer · Oct 29, 2006, 10:51 PM

The only time an antivirus is useful on the Mac is when you're on a Windows network and you need to prevent the Mac from unknowingly sending on Windows viruses.

besson3c · Oct 30, 2006, 12:11 AM

Originally Posted by zeldaren

Here you go...

Again many thanks to those who responded. I never did figure out how to "select all" ...groan, but copied them one by one. I made a truly alarming discover while I was looking: Somehow I have managed to used up over 50 gigs of hard drive! How can that be? I guess I need check on how to get rid of old/redundant files. I do have Disk Warrior. Don't know if it will work for that.

Anyway....Here are my processes...They "seem" pretty harmless....

389 lookupd root 0.00 2 1,004.00 KB 28.08 MB
386 Safari zeldaren 0.00 5 6.73 MB 145.61 M
384 AppleSpell zeldaren 0.00 1 1.79 MB 37.36 MB
383 Database Daemon zeldaren 0.00 2 5.87 MB 138.22 MB
382 Microsoft Word zeldaren 0.00 2 34.36 MB 222.64 MB
380 pmTool root 1.40 1 924.00 KB 28.75 MB
379 Activity Monitor zeldaren 3.50 2 10.83 MB 159.00 MB
374 Mail zeldaren 0.00 7 30.70 MB 187.12 MB
368 automount root 0.00 2 928.00 KB 28.30 MB
365 automount root 0.00 2 940.00 KB 28.30 MB
362 rpc.lockd root 0.00 1 144.00 KB 17.70 MB
353 nfsiod root 0.00 5 156.00 KB 19.65 MB
338 ntpd root 0.00 1 340.00 KB 17.89 MB
320 SymSecondaryLaunch zeldaren 0.00 1 1.21 MB 125.38 MB
319 ScanNotification zeldaren 0.00 1 1.30 MB 125.49 MB
318 DiskMountNotify root 0.00 1 888.00 KB 27.23 MB
317 Norton QuickMenu zeldaren 0.00 1 2.86 MB 135.64 MB
316 iCalAlarmScheduler zeldaren 0.00 1 2.60 MB 130.05 MB
315 iTunes Helper zeldaren 0.00 1 1.86 MB 126.54 MB
313 IIDCAssistant root 0.00 2 1.69 MB 28.90 MB
311 Finder zeldaren 0.00 1 10.55 MB 160.65 MB
310 SystemUIServer zeldaren 0.00 2 5.46 MB 145.02 MB
309 Dock zeldaren 0.00 2 2.68 MB 132.31 MB
304 pbs zeldaren 0.00 2 1.61 MB 45.09 MB
253 DirectoryService root 0.00 2 2.33 MB 30.56 MB
236 NortonMissedTask root 0.00 1 600.00 KB 26.77 MB
232 crashreporterd root 0.00 1 140.00 KB 26.69 MB
230 NortonAutoProtec root 0.00 7 19.13 MB 55.93 MB
227 cupsd root 0.00 1 5.43 MB 32.41 MB
203 loginwindow zeldaren 0.00 5 5.57 MB 120.27 MB
187 ATSServer zeldaren 0.00 2 4.96 MB 94.58 MB
178 pppd root 0.00 1 968.00 KB 27.91 MB
176 ioupsd root 0.00 1 396.00 KB 26.70 MB
174 WindowServerzeldaren 1.50 2 26.89 MB 190.54 MB
169 mDNSResponder nobody 0.00 2 836.00 KB 27.32 MB
167 SecurityServer root 0.00 1 1.18 MB 28.22 MB
156 KernelEventAgent root 0.00 1 132.00 KB 26.70 MB
153 distnoted root 0.00 1 700.00 KB 27.10 MB
147 cron root 0.00 1 188.00 KB 26.96 MB
145 coreservicesd root 0.00 1 10.21 MB 38.50 MB
123 dynamic_pager root 0.00 1 124.00 KB 17.66 MB
119 update root 0.00 1 116.00 KB 17.63 MB
117 netinfod root 0.00 1 344.00 KB 26.84 MB
92 notifyd root 0.00 2 264.00 KB 18.24 MB
87 diskarbitrationd root 0.00 1 976.00 KB 27.23 MB
86 configd root 0.00 3 1.88 MB 30.41 MB
84 kextd root 0.00 2 1.95 MB 28.44 MB
78 syslogd root 0.00 1 212.00 KB 17.67 MB
2 mach_init root 0.00 2 212.00 KB 18.17 MB
1 init root 0.00 1 308.00 KB 17.65 MB
0 kernel_task root 0.50 38 62.73 MB 825.16 MB

Everything here looks cool...

What was taking up 50 gig of HD space? A log file that spun out of control?

goMac · Oct 30, 2006, 01:38 AM

Spammers usually get your address from things you buy and web sites you subscribe to. This way, they'll probably know your interests, and by coincidence, what you usually write in emails.

zeldaren · Oct 30, 2006, 05:34 AM

Hi!

Thanks for the advice!

So are you saying Norton is doing the key logging and then selling the info? I did not plan renew it - but now I will dump it.

Many thanks for all of your perspectives.

I'll post a new question about the filled up hard drive. That really amazed me.

Zel

Tuoder · Oct 30, 2006, 05:42 AM

I don't think Mister Elf was trying to say that Norton is a key logger. But Norton is garbage that you should dump. Again, who is your email service provider? Do you use your ISP? Do you use some kind of web-based email? Also, what goMac said is quite likely.

zeldaren · Oct 30, 2006, 05:59 AM

Based on all your comments I am leaning toward the isp or web mail being the culprit. I use Yahoo and Bellsouth. I wouldn't put it past Yahoo to peddle my info. I do not think the info is being pulled from my purchases online, etc. This is key words coming from my emails. Thanks again...Zel

ghporter · Oct 30, 2006, 07:46 AM

Originally Posted by Tuoder

I don't think Mister Elf was trying to say that Norton is a key logger. But Norton is garbage that you should dump.

Norton AV is NOT a keylogger, and cannot do anything like that. On the other hand, I can't agree that it is "garbage that you should dump." I've been using it for several years and I've never had a problem with it. Of course others seem to have a different point of view, but with literally decades of experience with their PC antivirus product and almost three years experience with their Mac product, I have had ZERO problems.

Originally Posted by zeldaren

Based on all your comments I am leaning toward the isp or web mail being the culprit. I use Yahoo and Bellsouth. I wouldn't put it past Yahoo to peddle my info. I do not think the info is being pulled from my purchases online, etc. This is key words coming from my emails. Thanks again...Zel

Let's also take another look at the email thing. I have used Yahoo! Mail for a long time, and I haven't had any issues with getting spam from private emails. Further, BellSouth is not known for being disreputable in this regard, so I'd lean away from them being involved. However, if you send emails through Yahoo to commercial sites, or in particular reply to unsolicited emails, you can often expect that the text of your emails will be harvested and connected to your email address.

The mention of webmail and ISP were really more focused on the smaller ISPs and their proprietary or internal webmail systems. "Bob's ISP and Storm Door Company" is not a good choice for one's primary connection, simply because small operations usually cut corners AND "enhance their revenue" with things like sharing subscriber lists and such.

Mister Elf · Oct 30, 2006, 02:29 PM

No, Norton isn't a keylogger - but, are you using it for antispam?

Macintosh Sauce · Oct 30, 2006, 11:44 PM

If you want great software to protect your Mac try this product from Intego. I highly recommend them from my own personal experience. Their software is already Universal.

Internet Security Barrier

Todd Madson · Oct 31, 2006, 09:02 AM

My question is: are you using Mac mail or are you using your ISPs webmail interface
(logging into a website). Or, are you using Microsoft Entourage? Or, are you using
Mozilla Thunderbird for e-mail?

Your list of active tasks says Mail is in use.

You said "I have noticed that if I send emails regarding a particular subject, certain key words from those emails, wind up in the subject heading of incoming spam."

This is what I think is happening:

You are sending e-mails to a friend who is infected. Its not you who has a keylogger.

Those keywords are being used to create spam by the spammers who have
infected his/her machine.

I don't think it's you. So, who have you been sending e-mails to?

Why not do a test and send a test e-mail consisting of test phrases to
see how long it takes for it to get regurgitated back to you.

Look at the long header of the incoming e-mails and you'll soon find
the real IP address of the sender.

Tuoder · Oct 31, 2006, 02:42 PM

Originally Posted by ghporter

Norton AV is NOT a keylogger, and cannot do anything like that. On the other hand, I can't agree that it is "garbage that you should dump." I've been using it for several years and I've never had a problem with it. Of course others seem to have a different point of view, but with literally decades of experience with their PC antivirus product and almost three years experience with their Mac product, I have had ZERO problems.

Let's also take another look at the email thing. I have used Yahoo! Mail for a long time, and I haven't had any issues with getting spam from private emails. Further, BellSouth is not known for being disreputable in this regard, so I'd lean away from them being involved. However, if you send emails through Yahoo to commercial sites, or in particular reply to unsolicited emails, you can often expect that the text of your emails will be harvested and connected to your email address.

The mention of webmail and ISP were really more focused on the smaller ISPs and their proprietary or internal webmail systems. "Bob's ISP and Storm Door Company" is not a good choice for one's primary connection, simply because small operations usually cut corners AND "enhance their revenue" with things like sharing subscriber lists and such.

I like norton on PCs. There is stuff that is as good for free, however. I always ran more than one kind of antivirus, and norton was usually one of them. I constantly hear that norton for the mac is garbage.

zeldaren · Nov 1, 2006, 05:19 AM

Thanks again for all your comments!

As to my mail program. I use the mail client that comes with OS X. I have a yahoo userid and a couple of bellsouth userids. My mail from Yahoo is forwarded to me. My Bellsouth mail is downloaded into the OSX mail client. Hope that makes sense! Zel

msuper69 · Nov 2, 2006, 05:27 AM

Originally Posted by Tuoder

I like norton on PCs. There is stuff that is as good for free, however. I always ran more than one kind of antivirus, and norton was usually one of them. I constantly hear that norton for the mac is garbage.

Norton Utilities is garbage on OS X; it can destroy your system as it has never been properly updated to handle newer versions of OS X. Norton AV is fine.

ghporter · Nov 2, 2006, 08:55 AM

Originally Posted by zeldaren

Thanks again for all your comments!

As to my mail program. I use the mail client that comes with OS X. I have a yahoo userid and a couple of bellsouth userids. My mail from Yahoo is forwarded to me. My Bellsouth mail is downloaded into the OSX mail client. Hope that makes sense! Zel

How is the Yahoo! mail forwarded to you? That sounds like a nice big opportunity for someone/something to harvest your mail contents to me.