About Us

Mac Virus is an anti-malware information page created by Susan Lesch in the 1990s, and inherited by David Harley when Susan couldn’t find time to update it any more. He  wasn’t updating it much either, but as Mac malware looks like becoming a larger part of his life, this started to change drastically in 2010. In summer 2010, Old Mac Bloggit, the well-known pseudonymous typographical error (apologies to the shade of Spike Milligan) joined the crew.

The main Mac Virus URL is http://www.macvirus.com/, which , and we have no connection with macvirus.org or macvirus.net. And while one of the contributors currently works for a security company, this is a vendor-neutral zone. It is not financed or resourced by any security company except for ICSALabs, which owns the macvirus.com domain (thanks for renewing the registration, guys). Opinions expressed here do not represent the views, policies or interests of any company. Or even Small Blue-Green World, necessarily, since Old Mac doesn’t work for us. :)

The photo, by the way, was taken in Surrey in February 2010, and yes, the sky really was that colour. :)

Responses

  1. I would like to know if there is any virus/malware/etc that targets OSX and that (1) does not require a password-authorized installation to do damage and (2) has ever actually harmed a home-based OSX user. I note that your Malware Descriptions page currently lists just two (count them, two!) examples of OSX malware, and that both require a password-authorized installation.

    • @marks: I did count them, and there are three on the malware descriptions page. That isn’t because there aren’t any more, it’s because I haven’t time to work on this right now. Actually, our collection of OS X-targeting malicious binaries at ESET is now well into the thousands, though that means unique binaries, not malware families. Do they all need password-authorized installation? That depends on a number of factors, but in principle, probably. The same should apply to properly-configured NT-derived Windows machines: it certainly applies to my systems of all denominations. Have they ever harmed an OS X home system? Yes. Anything like the number of infected Windows systems? Of course not. Does that mean they don’t matter? No.

  2. David Harley wrote: “Have they ever harmed an OS X home system? Yes.”

    Can you give a citation to a credible source for a SPECIFIC EXAMPLE of a DEFINITE INCIDENT of OSX malware that did not require password authorization and damaged home-based users?

    I have been unable to find any such example myself in searching the literature on Mac security.

    • I don’t know what proportion of OS X-specific successful attacks on OS X home users required password authorization. Most or all of them, I imagine. There are attacks that don’t require it, but I don’t know how many have worked “in the wild”. Since most home users of OS X don’t believe they need security software, it’s hard to know what’s out there but unreported, given that we’re talking about very small populations. I suppose it would be mildly interesting as pure research to know the answer to your question. Pragmatically, though, it doesn’t matter much. If a program does or could do harm, it does matter, though, whether or not it requires some form of social engineering in order to trick the victim into running it/giving it permission to run. I know that some Mac enthusiasts feel it somehow doesn’t count if malware is user-launched rather than self-launching, but I’ve never understood why. (He said, trying to be tactful.)

      If AV companies didn’t bother with all the user-launched Windows malcode, the Windows malware problem would be statistically very much smaller and I could have the occasional weekend off. That might not be very helpful to all those victims of user-launched malcode, though.

  3. [...] About Us [...]

  4. [...] About Us [...]

  5. At the InfoSec Institute we are building a website (http://resources.infosecinstitute.com) devoted to exploring deep analysis of vulnerabilities through reverse engineering and exploit development for our students as well as the broader IT field. We have seen the work you are doing online and I am wondering if you would be interested in contributing to InfoSec Resources.

    The topics you are already exploring would be informative to our readers. We also have a list of potential story ideas if you are not sure what you want to write about next.

    We have over 300,000 subscribers to our monthly email newsletter. We feature top content from InfoSec Resources in each issue. Our subscribers include media in the field. This gives our website, and any articles you might contribute, wide exposure in tech media.

    Recently, one of our authors reversed a sophisticated rootkit in a four part series:

    http://resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/

    It was picked up by several media outlets:

    http://www.theregister.co.uk/2010/11/18/zeroaccess_rootkit_deconstructed/

    http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=228300156&cid=RSSfeed_IWK_All

    http://threatpost.com/en_us/blogs/image-day-dissecting-zeroaccess-crimeware-111510

    http://www.eweek.com/c/a/Security/InfoSec-Cracks-Open-ZeroAccess-Rootkit-to-Find-Unique-Features-462289/

    If you are interested in expanding your potential audience, we would enjoy hearing your article ideas or can suggest some if you are interested.

    I look forward to hearing from you.

    Respectfully,

    Terrence Miltner
    Managing Editor, InfoSec Resources

  6. [...] About Us [...]

  7. Does anybody know of a new redirect virus or bot or trojan or malware or worm, etc. that hijacks the Safari address bar and sends you to either a fake Centurylink.net web helper page or a Go Daddy page (possibly also fake). I have tried everything to get this thing off my computer. I have talked to Apple Support several times, I have deleted all extensions and plug-ins. I have reset Safari. I have deleted and reinstalled Safari. I bought Norton and ran a scan and it found nothing. I have also tried Clamxav. Still nothing. I have used disk utility to delete free space and then to completely format my drive with a 7 pass security sweep. It is still there, except now when it redirects me I get an error message that server cannot be found.

    I think it has something to do with a vulnerability in Java because when I reinstalled Java, the error messages went away and I was directed back the the Centurylink.net webhelper page.

    Please help me if you can.

    • Have you scanned the disk with ‘Possibly Unwanted’ detection enabled?

  8. Hi was at work today and one of the guys says his mate has a mac with OSX and he took it to the Apple repair guy locally here (not an apple store ) who told him he needed to buy a new mac as it had a virus on it.) Now this sounds very bizarre I am going to see if this friend of a friend will let me look at it. I know no more details but have you ever heard of a virus or malware for osx that renders the computer unfixable ? I would of though that worst case scenario I’d just reformat the drive and do a fresh install. This all sounds crazy to me. what do you think?

    • No, I haven’t heard of any such malware. It may be that the Mac (or maybe just the drive) is no longer repairable – it happens, even to Macs – but to claim that it’s due to malware? Unless the repair guy can actually identify the malware, there’s a chance that it’s just shorthand for “I don’t know what the problem is and I can’t fix it.”

  9. Don’t know if you can help or not but … have picked some kind of bug up. I run 10.6.8 on 1 disk and 10.7 on another internal drive on a Mac Pro. Symptoms are a continuos playing of alert sound on start-up and the Mac selects an icon on desktop and I can’t click/select others without the cursor shooting back to the original. In list view the bottom item in the list is selected and random commands on drop down menus are selected. It can last for minutes or an hour or more then it stops only to start later. I downloaded 10.7 and burnt it to a DVD, started up from it planning a clean install. However the Erase Disk command in the Utilities menu on the DVD is greyed out so I guess that disk is also screwed. Safari stopped displaying web pages tonight. In despair I installed AppleJack but couldn’t boot into it until I held the Shift key down at StartUp along with Cmd-S. Have run AppleJack and am typing this in in Safari so all is quite at present but I would love to be rid of this virus/malware for good. Any ideas welcome, thanks Cam

    • I’m afraid your symptoms don’t ring a bell with me. For what it’s worth it doesn’t sound like any malware that I’m acquainted with. Perhaps there’s a reader with more recent experience of direct Mac support who can make some suggestions?

  10. I am seeing this website in my history for the last few days and it is nothign that anyone in my family is familiar with

    https://secure.enshealth.com/aphrodite/servlet/com.ens.aphrodite.communication.AphroditeServlet?page-type=HEALTH_E_NETWORK

    Do I have malware or a virus on my mac?

    Thank you

    • That link is a login page to the Medical Claims Center of what seems to be a supplier (Electronic Network Services) of EDI/workflow services to healthcare providers in the US. I don’t have any information about them beyond what it says on their web pages, and am not aware of the site’s having any association with malware. Sorry, but I haven’t a clue as to how it turned up in your browser history. It doesn’t sound like the sort of site you’d expect adware to divert you to.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 38 other followers

%d bloggers like this: