Mac Viruses??

blue gekko

blue gekko

I *heart* Mac
I know Macs don't get as many viruses as 'pcs' but I had heard of some pretty nasty virsuses out there at the moment. When you hear about these should Mac users 'be aware'? I saw it in the news recently and haven't been able to find any more details on it, one which starts with a "C" and is dormant and waiting to be activated globally.

Are there any current viruses which Mac users should be looking out for and is there a Mac specific site we can go to which lets users know of current viruses and how to combat them?

Thanks in anticipation of any replies.
 
Conficker (which is the trojan you're referring to) only affects Windows systems since it takes advantage of a vulnerability that MS issued a patch for late last year. It takes advantage of the unpatched Windows systems and makes that system a part of a "botnet" of sorts.

The only one that's become a big deal recently in tech news is the trojan that comes with pirated versions of Photoshop CS4 and iWork '09. It actually prompts you to authenticate with an administrative username and password so that the trojan can install itself and cause your Mac to become part of a botnet. Because it requires you to give your username and password, you can prevent the infection by canceling the authentication window. In other words, this trojan requires the user to allow it to install. So unless you allow it, you are still safe for the most part.
 
Thanks nixgeek, I have been trying to follow a thread started by 'Captain Code' titled Viruses on OS X. You guys are too technical for me and I only managed about 6 pages, then I started seeing the fuzzies.

When an uneducated like me says 'virus' should I be specific and include trojans, malware, spyware and anything else that might be out there? or is the term 'virus' ok to use in a generic sense. I also went to a web site, Sophos.com, and found a good layout which gives the name of the virus and also other details I want to know, like the OS it affects. Is this a good product to buy? I have also heard about clamXav. Any suggestions?

Also can someone explain to me; if I am using MS Word 2008 on a Mac, and I am given a pc file in Word which is infected, will I be infected as well? Thanks again.
 
blue gekko said:
Are there any current viruses which Mac users should be looking out for
Click to expand...

It would be hard to find any malware for the Mac if you went out looking for it. But there *is* some out there. (Which I mention more as an academic exercise, than anything else. You don't have to be "looking out" for this stuff.)

There are currently no actual "viruses" specifically for OS X.
http://en.wikipedia.org/wiki/Computer_virus

There are cross-platform macro viruses for Microsoft Word and Excel, but they are fairly easy to guard against by turning on "Macro Virus Protection" in those programs (assuming that you even have those programs).
http://kb.iu.edu/data/agzk.html
They don't run in Office 2008 at all, because Office 2008 doesn't include Visual Basic. Of course, if you use Word or Excel and you routinely expect to receive documents with legitimate macros in them, blocking all macros isn't sufficient, and you will probably need anti-virus software to keep you safe.

There are a handful of Trojan Horses for OS X (and not just harmless "concepts"), but since they don't self-propagate, and since the sociopaths who create them don't want to be caught, they are just about as rare as hen's teeth. I've heard of:

ASthtv05 and AStht_v06
http://www.macworld.com/article/134084/2008/06/www.idgconnect.com
http://www.securemac.com/applescript-tht-trojan-horse.php

iSight Trojan
http://www.theregister.co.uk/2008/06/23/mac_trojan/

OSX/Hovdy-A
http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html

DNSChanger /OSX.RSPlug.A /OSXPuper
http://www.dnschanger.com/

OSX.RSPlug.E (a variant of RSPlug )
http://www.intego.com/news/ism0808.asp

OSX.Lamzev.a
http://www.symantec.com/security_response/writeup.jsp?docid=2008-111315-1230-99

Worm.OSX.Autostart
http://lowendmac.com/virus/worm.shtml

Leap-A
http://blogs.zdnet.com/Apple/?p=100

I don't know to what extent any of the above are duplicate names for
the same thing since most reporting services don't cross-reference each other.

You can avoid all of these Trojans, for now, just by exercising the slightest care. At this time, if you don't install pirated commercial software downloaded from peer to peer file-sharing networks, and you don't download video codecs offered by porn Web sites, you should be fine, as these are the only two ways that the above Trojans have been disseminated. (This could, of course, change at any time.)

blue gekko said:
and is there a Mac specific site we can go to which lets users know of current viruses and how to combat them?
Click to expand...

There is this site:
http://www.securemac.com/
But it tends to over-exaggerate threats, be somewhat inaccurate, and it talks about a lot of things that aren't of any interest/concern to end-users, as opposed to system administrators and security consultants. If you tend to be paranoid, don't visit this site.

A better source is press releases from Intego:
http://www.intego.com/news/pressroom.asp
But you have to be aware that they want to try and sell you their anti-virus software, which you probably don't need.

There are a number of respected virus tracking sites, that track *both* Windows and Mac threats. You just have to do a search on them for "Macintosh" and filter out anything for Mac OS's prior to OS X:

Secunia Advisory
http://secunia.com/product/96/#advisories

McAfee
http://vil.mcafee.com/

Symantec
http://www.symantec.com/avcenter/
http://securityresponse.symantec.com/avcenter/venc/data/

F-Secure
http://www.f-secure.com/virus-info/
http://www.f-secure.com/v-descs/

Sophos Virus Analyses:
http://www.sophos.com/virusinfo/analyses/
http://www.sophos.com/virusinfo/

SecurityFocus
http://www.securityfocus.com/archive/
 
blue gekko said:
When an uneducated like me says 'virus' should I be specific and include trojans, malware, spyware and anything else that might be out there? or is the term 'virus' ok to use in a generic sense.
Click to expand...

In the Macintosh world, the term "virus" is usually used only to refer to malware the is self-propagating. In the Windows world, the term "virus" is often (incorrectly) used to refer to all malware.
http://en.wikipedia.org/wiki/Computer_virus

There are no viruses specifically for OS X. There *are* some macro viruses and Trojans. There is no spyware that can be installed without physical access to one's Macintosh. At least not any that works. There is very little adware to be concerned about.

blue gekko said:
I also went to a web site, Sophos.com, and found a good layout which gives the name of the virus and also other details I want to know, like the OS it affects. Is this a good product to buy?
Click to expand...

Sophos makes an excellent AV product for the Macintosh. Unfortunately, they show no interest in selling to individual end-users. Generally they sell site-licenses to businesses. And their product isn't cheap.

blue gekko said:
I have also heard about clamXav. Any suggestions?
Click to expand...

I could write a long article on ClamXav...and in the past I have. The bottom line is that the product doesn't look for OS X-specific malware, and that no one is working on adding this capability to the product. So, while the product has the potential to be a great one for Mac users, it is currently less than useless to Mac users. I say *less* that useless, because it lulls Mac users into thinking that it is actually protecting them, and it isn't. (It does look for Word and Excel macro viruses, but it can only flag them, not strip them out. So it is fairly useless for this also.)

blue gekko said:
Also can someone explain to me; if I am using MS Word 2008 on a Mac, and I am given a pc file in Word which is infected, will I be infected as well? Thanks again.
Click to expand...

Word 2008 can't run Visual Basic macros, because it does not include Visual Basic. So you are completely safe. (But if you receive a file with a Word macro virus in it, don't send it on to anyone else!)
 
Last edited:
I have a random, very loud "Tada" sound on my Mac OSX 10.5.6 and it has been suggested that it might be a virus. Is this possible? or is there a way to check this out?

Thanks, Dan
 
It's unlikely that it is a virus.

I'm assuming that you aren't referring to the startup sound, and that the sound really is random and not associated with any event or time period.

Open Activity Monitor (it is in your Applications/Utilities folder) and keep it running, and see if it shows you what the source is when it plays.

You might also want to look in:
System Preferences/Accounts/Login items
and see if there are any background programs running that would cause that sound to play.
 
crankin said:
thanks, I'll try that :)

Dan
Click to expand...



I remember fryke responding to you in the thread you originally created about this. He had asked if it does it in intervals, specifically in 15, 30, or 45 minute intervals. If this is so, then it might be related to the alarm under Date & Time in System Preferences.
 
well it happened only two times last nigh, once at 6:43p, and again at 8:47p. It never happens at the same time every night, and usually more than 2 times in the evening. I checked the user accounts and login items, (nothing there). checked date and time preferences. I have checked the activity monitor and couldn't find anything out of the ordinary. a paranoid friend of mine thinks its my mac telling me someone is hacking me lol. IDK, it drives me and my wife crazy. Seems to do it more often when I have a couple of things running: AIM, Firefox, TV, and email. I have shut off all sounds to those programs except the TV.

Thanks, Dan
 
crankin said:
I have checked the activity monitor and couldn't find anything out of the ordinary.
Click to expand...

Leave Activity Monitor open all the time. Check it at the precise moment that the sound is played.

If Activity Monitor doesn't report what is playing the sound, it may be that your Mac is haunted. :cool:
 
I do a lot of online banking, buying and selling on ebay. I received an email from smith micro software advertising their product "internet clean up 5" for Macs. In that email it says:

Hidden surveillance programs can be lurking on your Mac recording what you type, where you browse and even taking snapshots of your screen! Internet Cleanup safeguards your critical data and keeps your personal information private.

Is this true? and if so how can I protect my identity and bank info?

Thanks, Dan
 
crankin said:
AIM, Firefox, TV, and email. I have shut off all sounds to those programs except the TV.
Click to expand...
Could it be AIM playing a notification sound that something like a buddy has signed on/off, you've received a new message, you have new mail in your AOL inbox, or something similar to that?

I remember a "Ta-da!" sound that ICQ (an older IM client/protocol) used that sounded like a trumpet or some medium-to-high pitched horn that played "Ta-daa!" whenever a new message or a buddy signed on.

Try running without AIM for a spell -- a day or two -- your buddies will live if they don't talk to you on IM for a day, right? -- and see if it still happens. If not, I suspect some alert sound in AIM is doing it.
 
crankin: Do *NOT* click on anything on such messages. That's _exactly_ how malware-makers are trying to lure you into a false feeling of safety. It'll download some trojan if you follow their lead. I'm not kidding, btw.
 
ok, I didn't. but is any of that true? is there a way to scan my mac for trojans/virus'? and can I protect my Identity & bank info on my mac? should I use the file vault? is there a registry or anything I need to clean out? I'm glad I started talking to you guys, I never knew a lot of this stuff.

Thanks, Dan
 
Basically, no. There is very very little mac virus/spyware/malware. That is as long as you haven't downloaded pirate versions of Adobe CS4 or iWorks, or installed video codecs from porn sites.
 
oh, good! ya, none of that stuff... SO do you have some tips on other ways to keep my Mac cleaned out and my identity/bank info safe?? I use the disk utility now (clean free space) I have turned on all of the security stuff, but I don't understand the file vault thing. And how to keep websites like my bank and paypal from staying on my mac.
Thanks, Dan
 
You must log in or register to reply here.
Back
Top