About Mac Virus

As I’m no longer regularly working in the security industry, this page/site is no longer being maintained. It’s left up here for historical reasons only.

David Harley, 15th April 2020

Mac Virus is an anti-malware information page created by Susan Lesch in the 1990s, and inherited by David Harley when Susan couldn’t find time to update it any more. He wasn’t updating it much either, but as Mac malware looked like becoming a larger part of his life, this started to change drastically in 2010. However, it’s become much less of a priority in recent years.

Why ‘The Official Mac Virus blogsite’? Well, we don’t claim any particular authority to comment on OS X/iOS/Android security apart from David’s 30-odd years in the security industry: that tagline was introduced simply to differentiate the site from several wannabe sites that started to call themselves Mac Virus. It’s ‘official’ only in that Susan asked David to continue to support the site in some form when she no longer had time to, rather than let it be co-opted by anyone who had no connection to the original site.

It’s not ‘official’ in the sense of representing malware writers, the anti-malware industry, the security product testing industry, Apple, Android, Microsoft or anyone else. It’s just a platform where I pass on and comment on news and issues relating to security – especially Mac and smartphone/tablet security – that I find interesting. Furthermore, because I’m semi-retired, I give it a lot less attention than I used to. Apologies if anyone is expecting more than that.

In summer 2010, Old Mac Bloggit, the well-known pseudonymous typographical error (apologies to the shade of Spike Milligan) joined the crew, but isn’t currently contributing. As David is no longer working full-time and in any case the page isn’t sponsored, this site isn’t maintained as regularly as it was.

The main Mac Virus URL is http://www.macvirus.com/, though https://macviruscom.wordpress.com/ also works, and we have no connection with macvirus.org or macvirus.net. And while David Harley currently works closely with the security company ESET, this is a vendor-neutral zone. Thanks are due to ICSALabs, which owns the macvirus.com domain but exercises no control over the content. Thanks are also due to ESET for allowing me to maintain this site without trying to influence its content. Opinions expressed here do not represent the views, policies or interests of any company. Or even Small Blue-Green World, necessarily, since Old Mac doesn’t work for us. 🙂 But then he hasn’t written for us for ages.

The photo, by the way, was taken in Surrey in February 2010, and yes, the sky really was that colour. 🙂

David Harley

Responses

  1. I would like to know if there is any virus/malware/etc that targets OSX and that (1) does not require a password-authorized installation to do damage and (2) has ever actually harmed a home-based OSX user. I note that your Malware Descriptions page currently lists just two (count them, two!) examples of OSX malware, and that both require a password-authorized installation.

    • @marks: I did count them, and there are three on the malware descriptions page. That isn’t because there aren’t any more, it’s because I haven’t time to work on this right now. Actually, our collection of OS X-targeting malicious binaries at ESET is now well into the thousands, though that means unique binaries, not malware families. Do they all need password-authorized installation? That depends on a number of factors, but in principle, probably. The same should apply to properly-configured NT-derived Windows machines: it certainly applies to my systems of all denominations. Have they ever harmed an OS X home system? Yes. Anything like the number of infected Windows systems? Of course not. Does that mean they don’t matter? No.

  2. David Harley wrote: “Have they ever harmed an OS X home system? Yes.”

    Can you give a citation to a credible source for a SPECIFIC EXAMPLE of a DEFINITE INCIDENT of OSX malware that did not require password authorization and damaged home-based users?

    I have been unable to find any such example myself in searching the literature on Mac security.

    • I don’t know what proportion of OS X-specific successful attacks on OS X home users required password authorization. Most or all of them, I imagine. There are attacks that don’t require it, but I don’t know how many have worked “in the wild”. Since most home users of OS X don’t believe they need security software, it’s hard to know what’s out there but unreported, given that we’re talking about very small populations. I suppose it would be mildly interesting as pure research to know the answer to your question. Pragmatically, though, it doesn’t matter much. If a program does or could do harm, it does matter, though, whether or not it requires some form of social engineering in order to trick the victim into running it/giving it permission to run. I know that some Mac enthusiasts feel it somehow doesn’t count if malware is user-launched rather than self-launching, but I’ve never understood why. (He said, trying to be tactful.)

      If AV companies didn’t bother with all the user-launched Windows malcode, the Windows malware problem would be statistically very much smaller and I could have the occasional weekend off. That might not be very helpful to all those victims of user-launched malcode, though.

  3. […] About Us […]

  4. […] About Us […]

  5. At the InfoSec Institute we are building a website (http://resources.infosecinstitute.com) devoted to exploring deep analysis of vulnerabilities through reverse engineering and exploit development for our students as well as the broader IT field. We have seen the work you are doing online and I am wondering if you would be interested in contributing to InfoSec Resources.

    The topics you are already exploring would be informative to our readers. We also have a list of potential story ideas if you are not sure what you want to write about next.

    We have over 300,000 subscribers to our monthly email newsletter. We feature top content from InfoSec Resources in each issue. Our subscribers include media in the field. This gives our website, and any articles you might contribute, wide exposure in tech media.

    Recently, one of our authors reversed a sophisticated rootkit in a four part series:
    http://resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/

    It was picked up by several media outlets:
    http://www.theregister.co.uk/2010/11/18/zeroaccess_rootkit_deconstructed/
    http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=228300156&cid=RSSfeed_IWK_All
    http://threatpost.com/en_us/blogs/image-day-dissecting-zeroaccess-crimeware-111510
    http://www.eweek.com/c/a/Security/InfoSec-Cracks-Open-ZeroAccess-Rootkit-to-Find-Unique-Features-462289/

    If you are interested in expanding your potential audience, we would enjoy hearing your article ideas or can suggest some if you are interested.

    I look forward to hearing from you.

    Respectfully,

    Terrence Miltner
    Managing Editor, InfoSec Resources

  6. […] About Us […]

  7. Does anybody know of a new redirect virus or bot or trojan or malware or worm, etc. that hijacks the Safari address bar and sends you to either a fake Centurylink.net web helper page or a Go Daddy page (possibly also fake)? I have tried everything to get this thing off my computer. I have talked to Apple Support several times, I have deleted all extensions and plug-ins. I have reset Safari. I have deleted and reinstalled Safari. I bought Norton and ran a scan and it found nothing. I have also tried ClamXav. Still nothing. I have used Disk Utility to delete free space and then to completely format my drive with a 7-pass security sweep. It is still there, except now when it redirects me I get an error message that the server cannot be found.

    I think it has something to do with a vulnerability in Java, because when I reinstalled Java, the error messages went away and I was directed back to the Centurylink.net web helper page.

    Please help me if you can.

    • Have you scanned the disk with ‘Possibly Unwanted’ detection enabled?

  8. Hi, I was at work today and one of the guys says his mate has a Mac with OS X, and he took it to the Apple repair guy locally here (not an Apple Store), who told him he needed to buy a new Mac as it had a virus on it. Now this sounds very bizarre. I am going to see if this friend of a friend will let me look at it. I know no more details, but have you ever heard of a virus or malware for OS X that renders the computer unfixable? I would have thought that in the worst-case scenario I’d just reformat the drive and do a fresh install. This all sounds crazy to me. What do you think?

    • No, I haven’t heard of any such malware. It may be that the Mac (or maybe just the drive) is no longer repairable – it happens, even to Macs – but to claim that it’s due to malware? Unless the repair guy can actually identify the malware, there’s a chance that it’s just shorthand for “I don’t know what the problem is and I can’t fix it.”

  9. Don’t know if you can help or not but … I have picked some kind of bug up. I run 10.6.8 on one disk and 10.7 on another internal drive on a Mac Pro. Symptoms are a continuous playing of the alert sound on start-up, and the Mac selects an icon on the desktop and I can’t click/select others without the cursor shooting back to the original. In list view the bottom item in the list is selected, and random commands on drop-down menus are selected. It can last for minutes or an hour or more, then it stops, only to start later. I downloaded 10.7 and burnt it to a DVD, and started up from it planning a clean install. However, the Erase Disk command in the Utilities menu on the DVD is greyed out, so I guess that disk is also screwed. Safari stopped displaying web pages tonight. In despair I installed AppleJack, but couldn’t boot into it until I held the Shift key down at startup along with Cmd-S. I have run AppleJack and am typing this in Safari, so all is quiet at present, but I would love to be rid of this virus/malware for good. Any ideas welcome, thanks, Cam

    • I’m afraid your symptoms don’t ring a bell with me. For what it’s worth it doesn’t sound like any malware that I’m acquainted with. Perhaps there’s a reader with more recent experience of direct Mac support who can make some suggestions?

  10. I am seeing this website in my history for the last few days, and it is nothing that anyone in my family is familiar with:

    https://secure.enshealth.com/aphrodite/servlet/com.ens.aphrodite.communication.AphroditeServlet?page-type=HEALTH_E_NETWORK

    Do I have malware or a virus on my mac?

    Thank you

    • That link is a login page to the Medical Claims Center of what seems to be a supplier (Electronic Network Services) of EDI/workflow services to healthcare providers in the US. I don’t have any information about them beyond what it says on their web pages, and am not aware of the site’s having any association with malware. Sorry, but I haven’t a clue as to how it turned up in your browser history. It doesn’t sound like the sort of site you’d expect adware to divert you to.
