True confession: malware on my Mac

Summary: I'm an experienced computer user. Imagine my shock when I found I had over 25 pieces of malware on my Mac!

Ed Bott's been having fun with the first ever Mac-specific phishing attack, MacDefender, so I checked it out. Following Adrian Kingsley-Hughes' excellent suggestion, I downloaded the free Sophos Antivirus for Mac and let 'er rip.

A mere 6 hours later, Sophos gave me the bad news: 25 pieces of malware on my undefended Mac! OMG!

I made a silent promise to never laugh at hyper-ventilating, Windows-bigot alarmists again.

25 viruses!!! OK, a mix of viruses, phishing attacks and trojans. But 25! Holy crap!

With trembling fingers I brought up the helpful Sophos descriptions for each one.

Living the "impregnable Mac" fantasy

Then came the 2nd shock: it was ALL Windows malware! Not a single piece of Mac malware. And none since then.

I'd no idea Windows malware was that bad. Lambs led to the malware slaughter by Windows' 90% market share. No wonder Windows bigots are ecstatic over 1 piece of Mac malware!

The Storage Bits take

Seriously, would any Mac user who believed his machine impervious to malware buy a flashing "scanning for viruses" message? No, it's folks who don't know any better who fall for it.

It's the ignorance, stupidity and gullibility that scam artists have exploited for millennia - in computer guise. We can't idiot-proof the Internet.

Macs really are more secure than Windows. But people still have to use their brains to avoid every scam - which means some scams will work - regardless of platform.

What do I tell my Mac-using computer illiterate friends about Mac malware?

First, ignore the alarmists. Macs are well locked down because they're based on Unix. Hackers have been beating up Unix for decades and it's solid.

Make it harder: don't download apps from sites you don't know; don't open zip files from people or companies you don't know; don't install anything that asks for your password unless you specifically wanted to install it. If in doubt, leave it out.

Buy new apps from the App Store. They're safe, and the App Store updates them automatically.

One more thing: go to Safari Preferences > General and UNCHECK "Open 'safe' files after downloading". Exploits can come in through JPEGs and movies. Only open files that you selected and trust.

Much of that advice goes for Windows users too. Except you should be alarmed: Windows malware is everywhere!

Comments welcome, of course.

Topics: Apple, Hardware, Malware, Security

Talkback

91 comments
  • RE: True confession: malware on my Mac

    Dear experienced computer user,
    Why did you download .exe files to your Mac, which is well locked down as it's based on Unix? Thank your favorite deity that there aren't a significant number of viruses, phishing attacks and Trojans written to exploit Windows XP and Internet Explorer 6 that are successful against OSX and Safari.

    I won't bother to point out the phishing attacks are not OS specific.

    To quote a poignant statement I recently read: "It's the ignorance, stupidity and gullibility that scam artists have exploited for millennia - in computer guise. We can't idiot-proof the Internet." It is just this ignorance that would allow an experienced computer user to download Windows executables on a Mac.
    A_Robinson
    • By the way, most of anti-virus software detects many utilities and ...

      @A_Robinson: ... professional software as "malware" even on Windows machines -- though, of course, it is wrong. So how many of these twenty five pieces of "malware" on Robin's system are *actually* malware is not known.
      DDERSSS
      • Better to prepare for the worst, instead of hoping for the best

        @DeRSSS
        “So how many of these twenty five pieces of "malware" on Robin's system are *actually* malware, is not known.”

        Does that matter? Why not just assume they all are malware, and protect yourself in the off chance they really all are all malware?

        It doesn't cost you anything.
        Will Pharaoh
    • RE: True confession: malware on my Mac

      @A_Robinson
      Good question. All the files in question came in the form of spam emails - such the "United Parcel Service notification" spam - which includes a .zip file with the malware. I delete them, but I don't catch all of them.

      If someone made such a file specifically for OS X, I'm sure they'd catch some folks. But they haven't - yet.
      Robin Harris
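The spam path Robin describes above (a zipped Windows executable riding a fake delivery notification) is the kind of thing a mail-side check can flag before the archive is ever opened or forwarded. The following is an added example, not code from the original post or from Sophos: it builds a constructed look-alike message inline (the "executable" inside the zip is a two-byte "MZ" stub with no code, and the addresses use the reserved .invalid domain) and reports ZIP attachments whose members look like Windows programs, by extension, by the double-extension trick, and by the PE magic bytes.

```python
# Added example (not from the original post or from Sophos): flag ZIP mail
# attachments whose members look like Windows executables, the way the
# "United Parcel Service notification" spam carries them.
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File extensions Windows will run directly (constructed watch list).
WINDOWS_EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
PE_MAGIC = b"MZ"  # every DOS/PE executable starts with these two bytes


def suspicious_members(zip_bytes):
    """Return (member name, reason) pairs for entries that look like Windows programs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip file")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            reasons = []
            if ext in WINDOWS_EXEC_EXT:
                reasons.append("executable extension " + ext)
                if lower.count(".") >= 2:
                    # "label.pdf.exe" displays as "label.pdf" when extensions are hidden
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Password-protected member: cannot look inside, which is itself a signal
                reasons.append("encrypted member, content not inspectable")
            else:
                with zf.open(info) as fh:
                    if fh.read(2) == PE_MAGIC:
                        reasons.append("PE/MZ header")
            if reasons:
                findings.append((info.filename, "; ".join(reasons)))
    return findings


def scan_message(raw_bytes):
    """Walk every attachment of a raw RFC 5322 message and report risky ZIP contents."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Trust the bytes, not the declared type: a zip starts with "PK"
        if data[:2] == b"PK" or name.lower().endswith(".zip"):
            for member, reason in suspicious_members(data):
                report.append({"attachment": name, "member": member, "reason": reason})
    return report


def build_sample(with_executable=True):
    """Constructed look-alike of the delivery-notification spam; the 'executable' is an inert stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"Your parcel could not be delivered. See attached label.")
        if with_executable:
            zf.writestr("UPS_Label_4471.pdf.exe", PE_MAGIC + b"\x00" * 62)  # MZ magic, no code
    msg = EmailMessage()
    msg["From"] = "notify@ups-lookalike.invalid"   # constructed sender
    msg["To"] = "user@example.invalid"              # constructed recipient
    msg["Subject"] = "United Parcel Service notification #4471"
    msg.set_content("Please print the attached shipping label.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="UPS_Label_4471.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in scan_message(build_sample()):
        print(f"{hit['attachment']} -> {hit['member']}: {hit['reason']}")
```

Run as a script it prints the one flagged member of the constructed sample; point `scan_message` at the bytes of a real .eml file to use it on a mailbox export. The check deliberately reads the archive's bytes rather than trusting the Content-Type header, and it treats an encrypted member as a finding in its own right, since a password-protected zip is a common way to keep a scanner from seeing what is inside.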
      • RE: True confession: malware on my Mac

        @Robin Harris

        The key here is yet. It doesn't hurt you to be proactive about security... In fact you should.

        The fact is in the past year, Apple has released a significant number of security-related patches, some of which have arbitrary code execution vulnerabilities.

        What was Microsoft's classic vector? IE. How was Apple exploited at PWN2Own? Safari. Same thing.... All it takes is 1 Safari exploit + 1 local exploit, such as the 10.4 launchd race condition exploit, to become root.... And you don't even need to be root to take part in a spam botnet.

        I really wish you and others would stop espousing the view that OSX is immune to malware and Unix in general is immune to exploits. It's demonstrably false, and it's irresponsible because it gives people a false sense of security. If Unix were immune, why did LulzSec exploit a Solaris server at the US senate? Hell, if Unix is immune, why do I have a job managing and securing Unix and Linux servers? The lesson I've seen neophyte administrators learn time and time again is that you should treat Unix as special at your own peril. The same rules as on Windows apply to Unix. Update frequently, follow bugtraq to keep on top of exploits, use intrusion detection and virus detection software, and follow a doctrine of least-privileges.

        I have a vested interest in security... I think we all do. Which is why we, as security professionals, should encourage people to be proactive about security.

        On top of that, the whole "Don't view JPEGs from untrusted sources" thing doesn't apply 100% of the time. The fact is web developers are careless, and even if you trust someone, they could be subject to an XSS attack and be displaying hostile JPEGs, which can lead to arbitrary code execution. The only thing that points to is antivirus software.
        snoop0x7b
      • The key here is yet

        @snoop0x7b "The key here is yet" no, the key part is that people like you have been saying this for 10 years; the yet has not happened because it is not going to happen after 10 years... by the time there is an exploit, OSX will be replaced by another OS altogether...

        the Pwn2Own contest shows us that your "exploit" is not coming... the code execution vulnerabilities you are pointing out STILL NEED THE USER TO BE socially engineered; even Charlie White's exploits REQUIRE an accomplice sitting at the Mac pointing the Mac to a website...

        this is the most sophisticated attack yet, yet it takes months for Charlie White to identify a buffer overflow, and then weeks to write an exploit by experimenting with that buffer overflow, AND AFTER ALL THAT, it is exactly the same, in that the user still has to be coaxed to a malicious website....

        no black hatter (as opposed to the white hatters like Charlie) is going to spend that kind of time for the same results it takes him a few hours to do... proof is in MacDefender.... which is simply telling a person a lie, like someone calling and telling you your roof needs to be fixed, and then you telling us that your phone has a critical vulnerability???... whatever....

        here I will prove the point further: I will set up a 10.4 OSX on a Mac Pro, make it a server, with NO PATCHES, connected to the web; I'll give you the IP address and an open port, and I challenge you or Charlie White or ANYONE ELSE to break into it and tell me something individual about it.... I will even offer $100,000 dollars to the person who does it... remember this is a 5 year old system, 2 generations behind, WITH NONE of your precious "arbitrary code execution vulnerabilities" patched, ALL of them open, NO PATCHES, and not a single person can exploit that Mac....

        why is that????? if you did that with a 5 year old Windows OS, your system would be a bot within mins; it was shown that it took, I believe, less than 4 mins for a Windows system; the same Mac from that era was never hacked, yet it was probed about the same number of times as the Windows system.

        that is what a user needs to be concerned with, can someone just go into a mac user's system without their permission, (like they used to do within seconds of a Windows OS being plugged in to the web) and taking over their computer....

        a slightly educated Mac user can tell a social engineering con a mile away... we don't need protection from that.... we need to know about the "virus" the thing that is autonomous, or a remote exploit, an autonomous action... not a single exploit like that for OSX, and there never will be.. because OSX will be a completely new OS long before anything like that could happen.

        don't believe my 5 year old challenge?

        put "h t t p :" before, and "h t m" after.

        //www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.

        notice how many times the systems were probed, notice that OSX had zero vulnerabilities, also notice the Windows falling within a few mins...

        you could take that SAME exact OSX system, with NO PATCHES, NO updates, and plug it into the internet today, and make it a server even, still no remote exploits...

        yet people still come here and say, "not yet" notice how old that system is.... the point isn't how bad Windows was... which it was, but that if there is "yet" to be an attack, why won't a 6 year old OSX system fall even today?
        honkj
      • RE: True confession: malware on my Mac

        @honkj Ok, what's the IP address? Post it on ZDNet... Unpatched 10.4.0-Server fully opened to the internet (as per the conditions in the honey pot test)

        And FYI, the accomplice's role was to click a link, that's all... Nothing more. No downloading a file, no authenticating like mac defender. If someone authenticates, you're not pwning the machine, and that can't qualify for pwn2own. What makes that a compelling attack vector is the prevalence of XSS attacks in the wild. The way IE-based attacks spread so rapidly is the fact that so much web software is vulnerable to XSS attacks, and thus making it easy to embed exploit code in trusted websites.
        snoop0x7b
      • RE: True confession: malware on my Mac

        @honkj

        I'm pretty certain you don't have $100,000 to back up your offer so I guess you're safe.
        boomchuck1
      • RE: True confession: malware on my Mac

        @snoop0x7b

        Nowhere did Robin say that Mac OS X is invulnerable. I hear this argument all the time, that Mac users "claim the mac to be invulnerable," yet I have YET to see anyone claim that.

        However, since there are still ZERO viruses for Mac OS X, I think that it is reasonable to state that *in some ways* the Mac OS IS more secure.

        And yes I realize there is a proof-of-concept virus that exists, but it was written years ago as an experiment, and there are STILL no viruses in the wild for Mac OS.
        lelandhendrix@...
      • RE: True confession: malware on my Mac

        @Robin Harris Wow.. That's some good info to know.. I recently began switching over to a Mac.
        krtinberg
    • RE: True confession: malware on my Mac

      Dear snarky commenter,

      I have no doubt that the author of the piece was just smacking himself, thinking "why didn't I come up with that answer?" Don't download executables that don't run on my machine, that's a thought! Perhaps you've noticed that some of the messages in your spam folder have attachments. If you've configured an email client on your computer, those messages may well have been downloaded to your computer without your screening them first. In fact, some Windows viruses are distributed that way, so that even an experienced computer user with the full knowledge that .exe files are not intended to run on a Mac could have those files on said Mac.

      More to the point, there were 25 bits of malware on that machine that would do no harm to the host operating system. It DIDN'T MATTER that they were on the machine.
      willhoyt
      • It could matter, if...

        @willhoyt

        These files were accidentally passed on to someone whose machine is running an OS for which this malware has been written.

        Just as I don't want to get malware, I wouldn't want to be responsible for passing it on.
        msalzberg
    • RE: True confession: malware on my Mac

      @A_Robinson

      Due to most work places being Windows-only, I, like most Mac users, live in 2 worlds: Windows at work, OSX at home. I too have run Sophos scans that have turned up malware...all for Windows. I was actually quite impressed when Sophos was able to detect an old Windows program I had written to keep tabs on my young daughter's Internet activity (that was before we switched to Mac). Since I wrote it myself, I knew that (A) it was not a virus/trojan and (B) it had never escaped into the wild. No other antimalware software, including that crappy McAfee we use at work, has ever detected the software I wrote, only Sophos. So, I now scan my work thumb drive on my Mac every night when I get home.
      HappyXWindowsUser
    • RE: True confession: malware on my Mac

      @A_Robinson
      He never said that he had downloaded any .exe files--and why would he, as .exe files are useless and do NOTHING on a Mac.

      And, Windows executables have NO effect on a Mac nor can they "infect" a Mac system, so I'm not sure what you mean by "phishing attacks and Trojans written to exploit Windows XP and Internet Explorer 6 that are successful against OSX and Safari."

      There are no Windows viruses that affect Mac OS (there are NO Mac viruses in the wild at all) nor are there any Trojans for Windows XP that affect a Mac in any way.
      lelandhendrix@...