Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > Mac Basics and Help

Reply
 
Thread Tools Search this Thread Display Modes
Old Dec 23, 2012, 09:25 PM   #1
DuganRun
macrumors newbie
 
Join Date: Jun 2012
Location: Nottingham, England.
Spigot Malware on my Mac?

Hello Forum,

Recently my computer has started behaving odd, when I open my home page I'm given page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

I've searched 'yahoo,spigot' in google and it points towards malware though I can't find anything that relates to safari or mac, I thought my computer was quite secure but I've scanned it with ClamXav and no infected files are found.

I've noticed my home page has been changed to the above address so is it simply a case of changing it back to what it was and not worry about my computer being infected?

Thanks.
DuganRun is offline   1 Reply With Quote
Old Dec 23, 2012, 09:27 PM   #2
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by DuganRun View Post
Recently my computer has started behaving odd, when I open my home page I'm given page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

I've searched 'yahoo,spigot' in google and it points towards malware though I can't find anything that relates to safari or mac, I thought my computer was quite secure but I've scanned it with ClamXav and no infected files are found.

I've noticed my home page has been changed to the above address so is it simply a case of changing it back to what it was and not worry about my computer being infected?
You don't have malware on your Mac.
  1. Clear your browser's cache and cookies.
  2. Set your home page to whatever page you want.
  3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?.
GGJstudios is offline   0 Reply With Quote
Old Dec 23, 2012, 10:45 PM   #3
throAU
macrumors 68030
 
Join Date: Feb 2012
Location: Perth, Western Australia
Quote:
Originally Posted by GGJstudios View Post
You don't have malware on your Mac.
There is no way for you to know that for a fact.
__________________
MBP (early 2011) - Core i7 2720 2.2ghz, Hires Glossy, 16GB, Seagate Momentus XT 750GB
Mac Mini (mid 2007) - Core2 Duo 1.8, 2gb, 320gb 7200 rpm
iPhone 4S, iPad 4, iPad Mini, HTC One (eval)
throAU is offline   2 Reply With Quote
Old Dec 23, 2012, 10:46 PM   #4
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by throAU View Post
There is no way for you to know that for a fact.

Quote:
Originally Posted by DuganRun View Post
I've scanned it with ClamXav and no infected files are found.
ClamXAV detects all Mac OS X malware that exists in the wild.
GGJstudios is offline   0 Reply With Quote
Old Dec 23, 2012, 10:49 PM   #5
throAU
macrumors 68030
 
Join Date: Feb 2012
Location: Perth, Western Australia
Quote:
Originally Posted by GGJstudios View Post


ClamXAV detects all Mac OS X malware that exists in the wild.
Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?


Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.
__________________
MBP (early 2011) - Core i7 2720 2.2ghz, Hires Glossy, 16GB, Seagate Momentus XT 750GB
Mac Mini (mid 2007) - Core2 Duo 1.8, 2gb, 320gb 7200 rpm
iPhone 4S, iPad 4, iPad Mini, HTC One (eval)
throAU is offline   3 Reply With Quote
Old Dec 23, 2012, 10:52 PM   #6
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by throAU View Post
Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?
You're grasping at straws. I feel quite safe with my statement and you're welcome to try to prove me wrong.
Quote:
Originally Posted by throAU View Post
Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.
I have never said Macs don't get malware. You've been around the forum long enough, you should know that by now.
Quote:
Originally Posted by throAU View Post
Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.
More straws. This isn't an iDevice thread.
GGJstudios is offline   2 Reply With Quote
Old Dec 23, 2012, 11:02 PM   #7
throAU
macrumors 68030
 
Join Date: Feb 2012
Location: Perth, Western Australia
So, how is it that fully patched OS X has been hacked every year at pwn2own? By exploits that had not yet been released, and thus will not be in any anti virus package's definitions.

Again, i'm not saying it is LIKELY.

However, instantly dismissing problems as "no, you haven't been hacked", and assuming that the virus scanner knows about the malware that may on the box is misguided at best.


I bring up the i-devices because in theory they have the additional requirement of code-signing, which the mac does not have unless you run Lion or Mountain Lion with gatekeeper turned on. And they still get jailbroken.


What is your theory as to how the homepage got changed?


edit:
I do network security for a living, unexplained stuff randomly happening on machines is not something to be dismissed lightly.
__________________
MBP (early 2011) - Core i7 2720 2.2ghz, Hires Glossy, 16GB, Seagate Momentus XT 750GB
Mac Mini (mid 2007) - Core2 Duo 1.8, 2gb, 320gb 7200 rpm
iPhone 4S, iPad 4, iPad Mini, HTC One (eval)
throAU is offline   1 Reply With Quote
Old Dec 23, 2012, 11:08 PM   #8
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by throAU View Post
So, how is it that fully patched OS X has been hacked every year at pwn2own?
Hacking is not the same as malware.
Quote:
Originally Posted by throAU View Post
However, instantly dismissing problems as "no, you haven't been hacked",
I didn't say anything about hacking. I said the OP doesn't have malware. There's a significant difference.
Quote:
Originally Posted by throAU View Post
assuming that the virus scanner knows about the malware that may on the box is misguided at best.
I'm not assuming anything and a box has nothing to do with it. I know for a fact that ClamXAV detects all Mac OS X malware that exists in the wild.

You're still grasping at straws. The OP's issue has nothing to do with malware or hacking. If you can prove otherwise, be my guest.
Quote:
Originally Posted by throAU View Post
unexplained stuff randomly happening on machines is not something to be dismissed lightly.
The chances that an average Mac user will encounter malware is extremely remote. "Unexplained stuff randomly happening" is far more likely attributed to a user's action or lack of understanding how something is working on their Mac.
GGJstudios is offline   3 Reply With Quote
Old Dec 23, 2012, 11:15 PM   #9
throAU
macrumors 68030
 
Join Date: Feb 2012
Location: Perth, Western Australia
Hacking is accomplished exploiting a machine by using malicious software.

I.e., mal-ware.


Anwyay, I guess we can agree to disagree on this. No point arguing any further.
__________________
MBP (early 2011) - Core i7 2720 2.2ghz, Hires Glossy, 16GB, Seagate Momentus XT 750GB
Mac Mini (mid 2007) - Core2 Duo 1.8, 2gb, 320gb 7200 rpm
iPhone 4S, iPad 4, iPad Mini, HTC One (eval)
throAU is offline   3 Reply With Quote
Old Dec 24, 2012, 02:41 AM   #10
tnzk
macrumors newbie
 
Join Date: Dec 2012
I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.

Last edited by tnzk; Dec 24, 2012 at 02:42 AM. Reason: added a sentence
tnzk is offline   0 Reply With Quote
Old Dec 24, 2012, 04:17 AM   #11
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by tnzk View Post
I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.
Did you follow the instructions in the 2nd post of this thread?
GGJstudios is offline   0 Reply With Quote
Old Dec 24, 2012, 08:20 PM   #12
pou
macrumors newbie
 
Join Date: Dec 2012
It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk and recent updates change all browsers preferences without asking... : Spigot stuff, yahoo search engine etc.

It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

This will force you to open and modify all the search options and welcome pages in all your browsers
----------
pou is offline   3 Reply With Quote
Old Dec 24, 2012, 10:02 PM   #13
DuganRun
Thread Starter
macrumors newbie
 
Join Date: Jun 2012
Location: Nottingham, England.
Quote:
Originally Posted by pou View Post
It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk and recent updates change all browsers preferences without asking... : Spigot stuff, yahoo search engine etc.

It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

This will force you to open and modify all the search options and welcome pages in all your browsers
----------
That's exactly what it was, a vuze update or at least I thought it was.

----------

Quote:
Originally Posted by GGJstudios View Post
You don't have malware on your Mac.
  1. Clear your browser's cache and cookies.
  2. Set your home page to whatever page you want.
  3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?.
Thanks GGJ.
DuganRun is offline   0 Reply With Quote
Old Oct 23, 2013, 02:57 AM   #14
Jayjay90
macrumors newbie
 
Join Date: Jun 2013
I have encountered the same issue but I guess I wasn't paying attention during the installation.
Anyway I was able to fix it by following the instructions i've found here: http://www.spigot.com/uninstall-mac-extensions.html and http://www.spigot.com/change-default-search.html
Hope this helps
Jayjay90 is offline   0 Reply With Quote
Old Nov 21, 2013, 02:46 PM   #15
unowen
macrumors newbie
 
Join Date: Oct 2011
Location: NYC
Quote:
Originally Posted by throAU View Post
Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?


Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.
Uhhhhhh.....

Yeah - ok.

I've now put my tinfoil hat on, and I'm wondering - can you answer this person's question about Spigot, or not?

Yes - I am being slightly glib, but - other than the 'scary' stuff, you don't offer anything helpful.

Why am I even here?

I have a Mac (I've had 'em since late 80's), and I've had this Spigot 'bupkes' now on my new MBP for the past couple of days. I'd remove it (ALL), but, then - I must be doing something, 'cos I'm getting it again.

So, my question is - to you - and anyone else who's out there:

• What are the possible ways Spigot's getting in, i.e., a particular site, or a piece of software/extension

• What's the best way to remove it (or, more accurately, lessen the chances of picking it up again?)


UPDATE: I just read - right after typing this - that the latest rash of 'Spigotitis infection' is coming from (drumroll, please) CNET.

If you're downloading software from them (as I did), and use their 'CNET Installer' (as I did), it's 'wrapped' up in a Spigot-spreading container.

I'm getting my crayon out - and, more if necessary - and letting CNET know.
__________________
All of this has happened before - and will happen again.
- BSG

Last edited by unowen; Nov 21, 2013 at 02:50 PM. Reason: I just read further info
unowen is offline   0 Reply With Quote
Old Nov 22, 2013, 12:13 PM   #16
Charingx
macrumors newbie
 
Join Date: Apr 2010
library

Check ~/Library/Application Support/Spigot/ I removed this after I fixed the browsers and changed the DNS servers.
I used to love CNET.
Charingx is offline   0 Reply With Quote
Old Nov 28, 2013, 05:47 AM   #17
louie0817
macrumors newbie
 
Join Date: Mar 2013
Also had Spigot installed by the CNET installer while downloading/installing FontDoc app.
I only noticed it because it changed my homepage to the URL noted previously.
In addition to removing the directory ~/Library/Application Support/Spigot , I also removed 3 Safari extensions it installed. (see Safari/Preferences/Extensions)

Almost forget, when installing, I was asked about the installer wanting to access "my Contacts".

Last edited by louie0817; Nov 28, 2013 at 05:52 AM. Reason: more info
louie0817 is offline   0 Reply With Quote
Old Dec 13, 2013, 09:33 AM   #18
Jayjay90
macrumors newbie
 
Join Date: Jun 2013
Hello,

My name is Robert, I'm a Spigot representative and I can help with some instructions on how to remove the Spigot Mac extensions.

Please check out this tutorial page:
http://www.spigot.com/uninstall-mac-extensions.html

If you have further issues please contact us.
Jayjay90 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > Mac Basics and Help

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Flash Malware on Mavericks Mac wilsongt OS X Mavericks (10.9) 9 Mar 23, 2014 01:32 AM
Malware From iPhone to Mac? John55455 iPhone 4 Jul 26, 2013 03:43 PM
Mac Malware? MacUser09 OS X 2 May 2, 2013 01:23 AM
Is a malware on my Mac? ismar23 Mac OS X 10.7 Lion 3 Jul 29, 2012 10:23 AM
Apple's plan to keep malware off the Mac gman27 OS X 4 Jul 13, 2012 11:06 AM

Forum Jump

All times are GMT -5. The time now is 02:39 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC