Spigot Malware on my Mac?

[DuganRun]

Hello Forum,

Recently my computer has started behaving odd, when I open my home page I'm given page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

I've searched 'yahoo,spigot' in google and it points towards malware though I can't find anything that relates to safari or mac, I thought my computer was quite secure but I've scanned it with ClamXav and no infected files are found.

I've noticed my home page has been changed to the above address so is it simply a case of changing it back to what it was and not worry about my computer being infected?

Thanks.

[GGJstudios]

Quote:

Originally Posted by DuganRun

Recently my computer has started behaving odd, when I open my home page I'm given page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

I've searched 'yahoo,spigot' in google and it points towards malware though I can't find anything that relates to safari or mac, I thought my computer was quite secure but I've scanned it with ClamXav and no infected files are found.

I've noticed my home page has been changed to the above address so is it simply a case of changing it back to what it was and not worry about my computer being infected?

You don't have malware on your Mac.

1. Clear your browser's cache and cookies.
2. Set your home page to whatever page you want.
3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?.

[throAU]

Quote:

Originally Posted by GGJstudios

You don't have malware on your Mac.

There is no way for you to know that for a fact.

[GGJstudios]

Quote:

Originally Posted by throAU

There is no way for you to know that for a fact.

Quote:

Originally Posted by DuganRun

I've scanned it with ClamXav and no infected files are found.

ClamXAV detects all Mac OS X malware that exists in the wild.

[throAU]

Quote:

Originally Posted by GGJstudios

ClamXAV detects all Mac OS X malware that exists in the wild.

Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?


Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.

[GGJstudios]

Quote:

Originally Posted by throAU

Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?

You're grasping at straws. I feel quite safe with my statement and you're welcome to try to prove me wrong.

Quote:

Originally Posted by throAU

Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

I have never said Macs don't get malware. You've been around the forum long enough, you should know that by now.

Quote:

Originally Posted by throAU

Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.

More straws. This isn't an iDevice thread.

[throAU]

So, how is it that fully patched OS X has been hacked every year at pwn2own? By exploits that had not yet been released, and thus will not be in any anti virus package's definitions.

Again, i'm not saying it is LIKELY.

However, instantly dismissing problems as "no, you haven't been hacked", and assuming that the virus scanner knows about the malware that may on the box is misguided at best.


I bring up the i-devices because in theory they have the additional requirement of code-signing, which the mac does not have unless you run Lion or Mountain Lion with gatekeeper turned on. And they still get jailbroken.


What is your theory as to how the homepage got changed?


edit:
I do network security for a living, unexplained stuff randomly happening on machines is not something to be dismissed lightly.

[GGJstudios]

Quote:

Originally Posted by throAU

So, how is it that fully patched OS X has been hacked every year at pwn2own?

Hacking is not the same as malware.

Quote:

Originally Posted by throAU

However, instantly dismissing problems as "no, you haven't been hacked",

I didn't say anything about hacking. I said the OP doesn't have malware. There's a significant difference.

Quote:

Originally Posted by throAU

assuming that the virus scanner knows about the malware that may on the box is misguided at best.

I'm not assuming anything and a box has nothing to do with it. I know for a fact that ClamXAV detects all Mac OS X malware that exists in the wild.

You're still grasping at straws. The OP's issue has nothing to do with malware or hacking. If you can prove otherwise, be my guest.

Quote:

Originally Posted by throAU

unexplained stuff randomly happening on machines is not something to be dismissed lightly.

The chances that an average Mac user will encounter malware is extremely remote. "Unexplained stuff randomly happening" is far more likely attributed to a user's action or lack of understanding how something is working on their Mac.

[throAU]

Hacking is accomplished exploiting a machine by using malicious software.

I.e., mal-ware.


Anwyay, I guess we can agree to disagree on this. No point arguing any further.

[tnzk]

I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.

[GGJstudios]

Quote:

Originally Posted by tnzk

I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.

Did you follow the instructions in the 2nd post of this thread?

[pou]

It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk and recent updates change all browsers preferences without asking... : Spigot stuff, yahoo search engine etc.

It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

This will force you to open and modify all the search options and welcome pages in all your browsers
----------

[DuganRun]

Quote:

Originally Posted by pou

It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk and recent updates change all browsers preferences without asking... : Spigot stuff, yahoo search engine etc.

It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

This will force you to open and modify all the search options and welcome pages in all your browsers
----------

That's exactly what it was, a vuze update or at least I thought it was.

----------

Quote:

Originally Posted by GGJstudios

You don't have malware on your Mac.

1. Clear your browser's cache and cookies.
2. Set your home page to whatever page you want.
3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?.

Thanks GGJ.