


  • Welcome to the World of Fake Mac Viruses

    November 7th, 2006

    The security companies are encouraged. Windows users are hoping someone else will feel the pain, but in the end it seems the latest Mac virus threat is just another non-starter.

    Just the other day, Symantec delivered the news of still another one of those “proof of concept” viruses that seem to make headlines, but never actually infect Macs. The new virus is dubbed “OSX.Macarena,” a name clearly designed to eliminate any real confusion as to what platform is involved. Talk about silly names.

    According to another security company, Intego, “This proof-of-concept virus, which has not yet been seen in the wild, was published on a hacker Web site.”

    More specifically: “The virus can only infect Intel-based OS X computers. It consists of a C source file, an Assembler ‘dropper’ file, and documentation that explains how to create a virus that can infect Macintosh OS X binary files. Compiling the source code creates two binaries, the OS X virus file itself, and the dropper. The dropper is intended to infect Mac OS X binary files from a Windows installation on the current machine. This can be either via Apple’s Boot Camp, or via a virtualization application such as Parallels Desktop for Mac.”

    Let’s look at that statement carefully. You have to be running Windows on your Mac to create even the potential of an infection. In the unlikely prospect it does spread beyond the concept stage, that’s good to know. What’s more, “the virus does not carry a payload. When run it infects other executables in the current directory, regardless of their name or extension.”

    In other words, it’ll be there, but can’t actually damage anything beyond asserting its presence. So you can regard it as essentially a low-level infection.

    Naturally the virus definitions of both Symantec’s Norton Anti-Virus for the Mac and Intego’s VirusBarrier have been updated to combat OSX.Macarena.

    This sort of thing is, of course, nothing new. There have been a handful of proof of concept viruses in recent years, but they never seem to spread into the wild. The lone exception was a piece of malware that masqueraded as a set of pictures of a future version of Mac OS X, which, I gather, may have impacted a few hundred at most.

    All any of this news indicates is something we all should have known anyway, and that is that no computing platform is immune to viruses. It can happen, and perhaps some day there will be an outbreak of something that will have the potential of causing real damage to your Mac.

    In the meantime, a few technology pundits will wail and moan that Mac users now have good reason to be concerned. They might even suggest you arm yourself with the proper security software right away. My feelings about the matter are decidedly mixed.

    If you run Windows under Boot Camp or Parallels Desktop, it makes perfect sense to investigate the retail and even the free applications that will protect you against viruses, spyware and other threats. Whatever you select, install the software right away. The Windows environment may not impact your Mac experience, unless you want to count the potential of OSX.Macarena of course, but it could still cause you plenty of aggravation.

    What’s more, if you exchange files and letters with Windows users, you should look into one of the Mac virus protection applications and keep it regularly updated. The major entrants in this arena guard against Windows viruses too. Sure, your Mac may not be vulnerable, but do you really want to be the instrument of infection of a Windows user? Some of you might think it serves them right for choosing the wrong computing platform, but it’s a lot more complicated than that. Besides, just being plain nice and showing respect is never a bad idea.

    You’ll also want to install Apple’s periodic security updates, which are designed to close holes in the operating system that may leave you vulnerable to a potential infection. Unless the update itself causes stability problems of one sort or another — and that seems to happen from time to time — it’s really a simple decision to make.

    In the meantime, don’t you wonder why few of those alleged Mac viruses seem to ever spread into the wild? And then only in limited numbers? Maybe the Mac OS is more resilient than some of those so-called experts expect or believe.




    12 Responses to “Welcome to the World of Fake Mac Viruses”

    1. woz says:

      Good story. But remember that .MP3 file that played like an MP3 in iTunes, but if you double clicked it in the finder app it was able to launch a malicious code? Was this ever fixed?

    2. Karl says:

      What’s more, if you exchange files and letters with Windows users, you should look into one of the Mac virus protection applications and keep it regularly updated. The major entrants in this arena guard against Windows viruses too. Sure, your Mac may not be vulnerable, but do you really want to be the instrument of infection of a Windows user?

      I hear this a lot. Is this really a threat or just a proof of concept? I have been using Macs for the better part of 11 years and have never forwarded a virus to a Windows user. I’m not saying it doesn’t happen, I am wondering if it really happens a lot? Or happens enough to warrant a statement like that?

      What happens if it does get sent from Mail.app to a Windows user? Is it the same as when a Windows mail client passes it to another Windows email client?

    3. woz says:

      Well just about ALL window-users have a desktop spam and virus filter. And their domain does so too. So even IF, by mistake, I send an email the virus will most likely be intercepted. No need to install those memory-hogs anti-virus apps.

    4. Well just about ALL window-users have a desktop spam and virus filter. And their domain does so too. So even IF, by mistake, I send an email the virus will most likely be intercepted. No need to install those memory-hogs anti-virus apps.

      Sure, depend on the other person to be protected. And if they happen to forget to update their software, and the infection you pass on is one they’re not protected against? Serves them right?

      Peace,
      Gene

    5. woz says:

      I don’t mean to be rude, but :
      1) this fictitious email with a virus attached will first have to pass through my hosting-company. My domain has -as do all professional domains- SPAM and virus filters. (With auto- update).
      2) Then it’s required that I don’t see it’s an .EXE or some other vague extension that can do harm on a Windows computer
      3) After that it’s required that I don’t open the attachment and just forward the email I just got (from an infected PC!)
      4) And the receiving party must not have a professional domain with SPAM and virus filters
      5) The receiving party must not use (updated) anti virus software
      6) The receiving party should have their email app configured to automatically open everything

      That’s a lot of ‘ifs’. And even if all the above happens, and someone will get infected, how will they know it was me? Their PC just crashed on them 😉

    6. That’s a lot of ‘ifs’. And even if all the above happens, and someone will get infected, how will they know it was me? Their PC just crashed on them 😉

      Your first mistake is assuming that every Mac user is like you and understands all this stuff. That’s just not so, and a little extra protection rarely hurts 🙂

      Peace,
      Gene

    7. Javier says:

      Macarena.OSX is not a virus. It can not replicate and spread by itself. It does not attach itself to email; it doesn’t mail itself to people in the address book; it doesn’t install itself in the system folder, application folder, startup folder, or any other folder. It doesn’t spread to other computers by itself.

      At best, it is another Trojan horse that requires user interaction in order to infect a computer. It is an executable that needs to be activated by a human being.

      In my opinion, Macarena.OSX does not “prove the concept”. Macs may be susceptible to viruses. Macarena.OSX is not the proof.

    8. Gslusher says:

      See this ZDNet/Australia article for another point of view. Apparently, the OSX.Macarena virus does not work very well and was difficult to write.

    9. Rob K says:

      At this point in time, what is more likely for OS X users, problems and hassles resulting from anti-virus software, or an actual virus?

      Always consider the source. Software companies want to sell software. Media outlets try to “package” their product in salable fashion. If the source doesn’t share your end of the equation, time for a heavy dose of common sense!

    10. thetruthhurts says:

      I feel absolutely no obligation to spend my money, time or cpu cycles protecting windows people from windows malware. They have made a bad decision to invest in a bad product. And because they have had such a hard time of it they desperately try to defame the Mac platform with purposely misleading articles about Mac security. Macs ARE secure. There IS no threat. There is no reason to buy AV software. It is unethical to support the security industry, because the security industry will do anything to stay relevant…including creating malware that they can clean off of your machine.

    11. woz says:

      I forgot: We run a mail server and it also carries ANTI-virus so there is no need for every mac to have their own anti-virus.

    12. Ilgaz says:

      I don’t think Macs can be used as an effective antivirus “device” for Windows clients. Kaspersky people started to update virus definitions HOURLY and there are always new viruses every hour. Also let’s not forget “Signature” based antivirus checking is very old and will not detect unknown viruses unlike a real antivirus having heuristics/virtual machine actually WATCHES the system for suspicious activity.

      If we speak about a famous “zero day” exploit, if you don’t have a full feature antivirus/security suite, it will really make its way into Windows.

      Basically, if you will use Windows (including Bootcamp), get a real antivirus which has features like heuristics, frequent updates (at least daily!) and please, live the hassle adding ports of couple of games/multimedia apps and ENABLE the windows/whatever firewall you have.

      I suspect Mac users got used to “no viruses”- “BSD Based TCP” like features are more prone to windows viruses while they run Windows.
