Viruses on OS X

[Satcomer]

I just read the article Mac Flashback malware: What it is and how to get rid of it (FAQ). I tried it just to make sure I wasn't affected and I urge everyone try to see if they are infected.

Plus Apple today out a version 2 (April 5, 2012) off the Java Update so check your Software Update again. It is just updated because of Disk unpacking bug on some Macs.

[Giaguara]

Essentially, like in http://osxdaily.com/2012/04/05/how-t...-in-mac-os-x/:

Launch Terminal (found in /Applications/Utilities/) and enter the following commands:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you see a message like “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist” proceed to the next defaults write command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you see a message similar to “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist” then the Mac is NOT infected.

I still smell BS statistics and scare tactics deployed by anti-virus companies for the numbers telling that "several hundred thousand older Macs have been affected".

Sort of the same type of numbers and mutant statistics that a while back mentioned how an average woman eats 4-7 lb of lipstick in her lifetime. When you break back the numbers of how much an average woman "eats" lipstick a year, it would come to at least 1.5 oz which would be, if the lipstick are the same size as average lip balms, count to 10 lipsticks. A year. So a lipstick a month, eaten and not used as a lipstick?
Just based on how much lipstick is reported sold does not count that the women eat it all.
Just because there are several hundred thousand older Macs around it does not mean they were all affected, or even that would all have had laid-back java settings in them.

Anyway. Back to vulnerabilities and potential vulnerabilities... they still pretty much remain the same on Macs:

1. Java (aka Java platform - not a Mac OS X specific issue)
2. Javascript (aka a Javascript issue - not a Mac OS X specific issue)
3. Flash (aka a Flash issue - definitely not a Mac OS X specific issue)
4. Microsoft Office macros (aka a MS issue - not a Mac OS X specific issue)
5. Trojans and other bad stuff downloaded/installed by user - these have been often from some weird P2P program (user issue)
6. User issues (command line acrobatics, allowing a child to use an administrator account, user removing some stuff they shouldn't, using a rotten AppleScript or Automator script, or installing something themselves - user issues)
7. User settings, or sometimes default settings (e.g. automatic login, using an administrator account for everything, having bad passwords) <-- these are potential hazards if the Mac gets to wrong hands
8. Mac OS X settings (e.g. in 10.7 no admin password is no longer required for system updates... that Software Update downloads from Apple's site) <-- some of these could have some potential

[Satcomer]

Apple today released trough Software update a third Java update that removes the Trojan plus turn of auto running Java Applelets unless you put a checkmark in /Applications/Utilities/Java Preferences.app. You can read about it at the MacWorld article New Java update from Apple removes Flashback malware. So check your Software Update today.

[Satcomer]

Well today there is a new Java exploit affecting Macs again. Read the article Sabpab, new Mac OS X backdoor Trojan horse discovered and parroted by Forbes article New Mac OS X Backdoor Trojan Discovered.

As the article mention I checked /YourUserName/Library/Preferences/ for the files com.apple.PubSabAgent.pfile & /Library/LaunchAgents/com.apple.PubSabAGent.plist and both were there. So I am not sure but I Securely Deleted them just in case.

So you all should better check also and go into Safari's Preferences, Security and turn off Java for now since this is how bad people are exploiting Macs right now.

[Doctor X]

Are you sure you did not find com.apple.PubSUbAgent.plist?

The reason I mention that is some might, in searching for these, may misread the "u" for an "a."

--J.D.

[MrEnigma]

Not that it will be very visible on page 58, but i just wanted to contest the "No virus on OS X" claim. Exploits have been available since 2003.

Have a look http://www.exploit-db.com/platform/?p=osX

[Doctor X]

But they are not vira.

--J.D.

[Randy Singer]

The topic of viruses comes up all the time. There is a comprehensive list of all of the malware for Mac OS X, which is kept meticulously updated, here:

http://www.reedcorner.net/mmg-catalog/

This list is maintained by someone who isn't biased, in that he isn't
trying to sell you anti-virus software.
On the far left of this list each piece of malware is rated for its
"threat level."

Note that there currently are no actual "viruses" (defined as self-propagating malware) in the wild for the
Mac. Most of the malware are Trojan Horses which can be avoided by
simply keeping vigilant.
Also note that of the handful of malware that exists, just about all
of it is of little or no concern.

The vast majority of Mac users do without any anti-malware software. However, if you want something economical to scan for viruses, this is free and very effective, and it won't bog down your Mac:

Clam X Anti-Virus (Free)
http://www.clamxav.com