Mac Virus is an anti-malware information page created by Susan Lesch in the 1990s, and inherited by David Harley when Susan couldn’t find time to update it any more. He wasn’t updating it much either, but as Mac malware looks like becoming a larger part of his life, this started to change drastically in 2010. In summer 2010, Old Mac Bloggit, the well-known pseudonymous typographical error (apologies to the shade of Spike Milligan) joined the crew.
The main Mac Virus URL is http://www.macvirus.com/, and we have no connection with macvirus.org or macvirus.net. And while one of the contributors currently works for a security company, this is a vendor-neutral zone. It is not financed or resourced by any security company, and opinions expressed here do not represent the views, policies or interests of any company. Or even Small Blue-Green World, necessarily, since Old Mac doesn’t work for us.
The photo, by the way, was taken in Surrey in February 2010, and yes, the sky really was that colour.
I would like to know if there is any virus/malware/etc that targets OSX and that (1) does not require a password-authorized installation to do damage and (2) has ever actually harmed a home-based OSX user. I note that your Malware Descriptions page currently lists just two (count them, two!) examples of OSX malware, and that both require a password-authorized installation.
By: marks on September 22, 2010
at 16:21
@marks: I did count them, and there are three on the malware descriptions page. That isn’t because there aren’t any more, it’s because I haven’t time to work on this right now. Actually, our collection of OS X-targeting malicious binaries at ESET is now well into the thousands, though that means unique binaries, not malware families. Do they all need password-authorized installation? That depends on a number of factors, but in principle, probably. The same should apply to properly-configured NT-derived Windows machines: it certainly applies to my systems of all denominations. Have they ever harmed an OS X home system? Yes. Anything like the number of infected Windows systems? Of course not. Does that mean they don’t matter? No.
By: David Harley on September 22, 2010
at 18:03
David Harley wrote: “Have they ever harmed an OS X home system? Yes.”
Can you give a citation to a credible source for a SPECIFIC EXAMPLE of a DEFINITE INCIDENT of OSX malware that did not require password authorization and damaged home-based users?
I have been unable to find any such example myself in searching the literature on Mac security.
By: marks on September 23, 2010
at 15:55
I don’t know what proportion of OS X-specific successful attacks on OS X home users required password authorization. Most or all of them, I imagine. There are attacks that don’t require it, but I don’t know how many have worked “in the wild”. Since most home users of OS X don’t believe they need security software, it’s hard to know what’s out there but unreported, given that we’re talking about very small populations. I suppose it would be mildly interesting as pure research to know the answer to your question. Pragmatically, though, it doesn’t matter much. If a program does or could do harm, it does matter, though, whether or not it requires some form of social engineering in order to trick the victim into running it/giving it permission to run. I know that some Mac enthusiasts feel it somehow doesn’t count if malware is user-launched rather than self-launching, but I’ve never understood why. (He said, trying to be tactful.)
If AV companies didn’t bother with all the user-launched Windows malcode, the Windows malware problem would be statistically very much smaller and I could have the occasional weekend off. That might not be very helpful to all those victims of user-launched malcode, though.
By: David Harley on September 24, 2010
at 09:25
At the InfoSec Institute we are building a website (http://resources.infosecinstitute.com) devoted to exploring deep analysis of vulnerabilities through reverse engineering and exploit development for our students as well as the broader IT field. We have seen the work you are doing online and I am wondering if you would be interested in contributing to InfoSec Resources.
The topics you are already exploring would be informative to our readers. We also have a list of potential story ideas if you are not sure what you want to write about next.
We have over 300,000 subscribers to our monthly email newsletter. We feature top content from InfoSec Resources in each issue. Our subscribers include media in the field. This gives our website, and any articles you might contribute, wide exposure in tech media.
Recently, one of our authors reversed a sophisticated rootkit in a four part series:
http://resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/
It was picked up by several media outlets:
http://www.theregister.co.uk/2010/11/18/zeroaccess_rootkit_deconstructed/
http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=228300156&cid=RSSfeed_IWK_All
http://threatpost.com/en_us/blogs/image-day-dissecting-zeroaccess-crimeware-111510
http://www.eweek.com/c/a/Security/InfoSec-Cracks-Open-ZeroAccess-Rootkit-to-Find-Unique-Features-462289/
If you are interested in expanding your potential audience, we would enjoy hearing your article ideas or can suggest some if you are interested.
I look forward to hearing from you.
Respectfully,
Terrence Miltner
Managing Editor, InfoSec Resources
By: terrence miltner on February 21, 2011
at 21:09