I know this is a stale old thread, but I came across it while researching a similar issue on a client's MacBook. I own a small I.T. consulting business in California with about 200 clients; we handle PCs and Macs and everything else for businesses and individuals.
First, in case anyone else comes across this thread through Google, it does
not look like an issue with the Mac itself. Resetting your home DSL/Cable/Other modem or router is probably the right thing to do. For people that aren't aware, routers can have two passwords: one to access the wireless network, but a different one to access the administration areas of the router. Having a strong wireless password does not protect your router.
On this system, I'm seeing a lot of redirects and references to drvtrf.com in the user's history in both Safari and Firefox, but there's no indication that anything's amiss anywhere in the System Settings or the BSD subsystem (nothing in crontab; nothing in the hosts file; no strange routes; nothing in "/Library/Internet Plug-Ins"; no funky Safari or Firefox extensions; etc). If there's anything hiding in this thing, I can't find it (and neither can MacScan). So, it's probably not a Mac problem.
That said, the idea that a Mac
can't be infected just by clicking on a link on a website is completely false.
In fact, it's been done -- at least twice, publicly -- to win prize money. The experts here need to consider for a moment the implications from a security researcher like Charlie Miller being able to keep a remote exploit vulnerability for Safari a secret for over a year. Do you really think there's only one such vulnerability? The only remaining thing that a motivated attacker would need is a privilege escalation exploit, and those show up all the time for Linux and, less commonly, BSD -- so those almost certainly exist in the MacOS as well. A remote browser exploit combined with a privilege escalation vulnerability means that an attacker can install whatever they want, without the user's knowledge, just by getting the user to click on a link or visit a website.
I'm not a Mac-hatin' Windows tech, either; I've used Macs since System 7.5, done development work on them, and reverse-engineered software on them. They're just tools. They aren't perfect. They aren't invulnerable. You do a disservice to people to make them think they are. (Anybody remember the
iPhone SMS of doom?) If attackers are targeting Linksys and Netgear routers now, then Macs can't be far behind, and the fact that so many people think they're invulnerable is only going to make the first hit that much more devastating.
I'd also like to remind other techs and professionals that users don't care about the difference between a virus, a worm, and a trojan. They just come to us with problems because we have more background in this technology than they do. They don't need -- or want -- a lecture about the intricacies of terminology any more than we would in taking our car to the shop and complaining about a bad throttle body on an MPFI engine or in calling pest control to deal with flies that are actually gnats. We get positive feedback from new clients all the time that have tried other tech services and been frustrated because the techs made them feel stupid, or weren't helpful, or were argumentative. Being friendly and helpful shouldn't be exceptional in this industry.
Thanks.
