A Worm/Trojan on my Mac?

Discussion in 'macOS' started by Germacintosh, Oct 2, 2007.

  1. Germacintosh macrumors newbie

    Joined:
    Oct 1, 2007
    Location:
    Karlsruhe, Germany
    #1
    Hey there,

    I use the iStat Pro widget to monitor my system and found out that I have permanent outbound traffic! My MacBook sends data with 150k/s or more to an unknown recipient and I fear this might be some sort of worm/trojan?

    I (have to) use Sophos Anti Virus and the LittleSnitch Firewall which are always running and the traffic exists, even when no applications run that use an internet connection! (Within seconds after plugging in the network cable)

    Is there a worm scanner out there or could you guys help me with analysing my processes or recommending a tool that gives me more details about where the data is actually going to?

    Thanks for all your help in advance! :confused:
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    You can use Activity Monitor (/Applications/Utilities/Activity Monitor) to see what processes are running. If there are ones you don't recognize (there may be a number of harmless ones you don't recognize), do searches on them or post them here to get feedback. Likely, it's nothing though. There are no "real" worms or trojans in the wild for Mac.
     
  3. Germacintosh thread starter macrumors newbie

    Joined:
    Oct 1, 2007
    Location:
    Karlsruhe, Germany
    #3
    Thanks. I was just going to look through all of these, but it won't make much sense, since I made a serious mistake: It's all incoming traffic! (I never thought of that, because it comes in with 200k or more.) So actually nothing sends data but my MacBook receives strange amounts of data from somewhere!
     
  4. flopticalcube macrumors G4

    flopticalcube

    Joined:
    Sep 7, 2006
    Location:
    In the velcro closure of America's Hat
    #4
    Do you have a firewall or have you turned on the OSX Firewall?
     
  5. alanskerr macrumors newbie

    Joined:
    Oct 2, 2007
    #5
    Scanner Class Java JVM 1.4.2

    Has anybody been able to locate java class scanner using JVM 1.4.2?
     
  6. Germacintosh thread starter macrumors newbie

    Joined:
    Oct 1, 2007
    Location:
    Karlsruhe, Germany
    #6
    I used to use a firewall called LittleSnitch and since today I use the OSX firewall, yes!
     
  7. Germacintosh thread starter macrumors newbie

    Joined:
    Oct 1, 2007
    Location:
    Karlsruhe, Germany
    #7
    I've spoken to the University's IT Staff and they told me they're having problems with the network and are going to rearrange it somehow. So no need to worry. Anyway, thanks for your help!
     
  8. chaos86 macrumors 65816

    chaos86

    Joined:
    Sep 11, 2003
    Location:
    127.0.0.1
  9. mustang_dvs macrumors 6502a

    mustang_dvs

    Joined:
    Feb 9, 2003
    Location:
    Durham, NC
    #9
    Remnants from the creation of the Internet...? (If you subscribe to the Big ARPAnet theory; personally, I believe that the Great Flying Spaghetti Router linguini'd the interweb into existence by touching His noodly appendage to a series of tubes.)
     
  10. chaos86 macrumors 65816

    chaos86

    Joined:
    Sep 11, 2003
    Location:
    127.0.0.1
    #10
    lol. you're awesome.

    IBR is the name Steve Gibson gave the packets that seem to always be hitting your router or computer from the WAN port. In theory they come from a variety of sources like:
    - trojans and worms on thousands of unpatched versions of Windows across the world looking to spread
    - misrouted packets that finally found their way out of routing loops and headed to your IP, which used to be someone else's IP
    - pings from hackers seeing if your computer is there, and has any of this week's exploitable holes
    - bot instructions sent to blocks of IPs by an owner of a botnet, intended to call any bots it reaches into action
    etc


    all of this will just bounce off a NAT router and your computer would never see it, but if you have DMZ on, or the computer hooked into the net directly, you get the whole flood.
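
The NAT-versus-DMZ behaviour described in post #10, as an added example that is not part of the original thread: a toy router that delivers inbound packets only when they match a flow a LAN host opened, unless a DMZ host is configured. All names, the documentation-range addresses, the sample packets and the strict address-and-port matching are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str    # "ip:port"
    dst: str    # "ip:port"
    proto: str  # "tcp" or "udp"

@dataclass
class NatRouter:
    wan_ip: str
    dmz_host: Optional[str] = None             # LAN IP that gets all unmatched inbound traffic
    table: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> LAN endpoint
    next_port: int = 40000

    def outbound(self, pkt):
        """A LAN host opens a flow: record the mapping and rewrite the source address."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, wan_port, pkt.dst)] = pkt.src
        return Packet(f"{self.wan_ip}:{wan_port}", pkt.dst, pkt.proto)

    def inbound(self, pkt):
        """Return the LAN endpoint the packet is delivered to, or None if it is dropped."""
        wan_port = int(pkt.dst.rsplit(":", 1)[1])
        lan = self.table.get((pkt.proto, wan_port, pkt.src))
        if lan:
            return lan                            # reply to a flow the LAN host started
        if self.dmz_host:
            return f"{self.dmz_host}:{wan_port}"  # DMZ: unsolicited traffic reaches the host
        return None                               # plain NAT: background radiation is dropped

# Constructed sample traffic arriving on the WAN side (not captured data).
SAMPLE_INBOUND = [
    Packet("198.51.100.20:443", "203.0.113.7:40000", "tcp"),  # reply to the LAN host's request
    Packet("192.0.2.55:33333", "203.0.113.7:445", "tcp"),     # unsolicited probe
    Packet("192.0.2.99:5000", "203.0.113.7:1434", "udp"),     # unsolicited UDP probe
    Packet("192.0.2.55:443", "203.0.113.7:40000", "tcp"),     # right port, wrong remote host
]

def simulate(dmz_host=None):
    """Open one outbound flow, then report where each sample inbound packet ends up."""
    router = NatRouter("203.0.113.7", dmz_host)
    router.outbound(Packet("192.168.1.10:51000", "198.51.100.20:443", "tcp"))
    return [router.inbound(p) for p in SAMPLE_INBOUND]

if __name__ == "__main__":
    print("NAT only:", simulate())
    print("DMZ on  :", simulate("192.168.1.10"))
```

With NAT alone only the first packet is delivered; with the DMZ host set, all four reach the computer, which is the "whole flood" case.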
     
  11. Ella1 macrumors newbie

    Joined:
    Dec 21, 2007
    #11
    OSX firewall question

    The omniscient consultant who set up my Mac insisted there is no firewall on my Mac and no need for one. But, thanks to what I learned in this thread, I was able to find it buried under File Sharing, Advanced. I normally ignore anything called Advanced, because I am not.

    I just checked these two boxes. What's the downside of doing so? UDP Traffic doesn't sound very appealing but is it something I want? And will Stealth Mode prevent me from getting software update information?

    [ ] Block UDP Traffic
    Prevents UDP communications from accessing resources on your computer.

    [ ] Enable Stealth Mode
    Ensures that any uninvited traffic receives no response – not even an acknowledgement that your computer exists.
     
  12. Pukey macrumors 6502

    Pukey

    Joined:
    Jan 7, 2008
    Location:
    Gekkostate
    #12
    Rad. The Flying Spaghetti Router, son of the Flying Spaghetti Monster. I knew he had a son.
    Germacintosh, thanks for the info. I didn't know iStat Pro monitored your traffic as well. This may be a silly question, but how do we know all the free apps/software out there for Macs are safe to download? Certainly the ones on the Apple site are fine, but what about others? How do you know which ones are safe and which aren't? (Sorry to hijack)
     
  13. Neil321 macrumors 68040

    Neil321

    Joined:
    Nov 6, 2007
    Location:
    Britain, Avatar Created By Bartelby
    #13
    Download stuff from reputable sites such as VersionTracker or MacUpdate
     
  14. chagla macrumors 6502a

    chagla

    Joined:
    Mar 21, 2008
    #14
    hey are you lying to us? i thought they were non existent as I saw on the apple-vs-pc commercial.

    i like what the handsome guy said on commercial.
     
  15. Pukey macrumors 6502

    Pukey

    Joined:
    Jan 7, 2008
    Location:
    Gekkostate
    #15
    Thanks neil321, that is good info. Ok, just to show how new I am to OS X here's a funny question. When I downloaded Firefox it showed up as a volume on my Desktop, kind of like an external HD image, but with the Firefox logo on it. Why is that? Should I put it in any particular folder? Getting rid of it didn't seem to allow Firefox to work. So what is this?
     
  16. redsteven macrumors 6502a

    redsteven

    Joined:
    Aug 22, 2006
    #16
    u may want to start doubting his omniscience :)
     
  17. Banalltv macrumors newbie

    Joined:
    Dec 16, 2006
    #17

    Here's what it says about that in David Pogue's very helpful Missing Manual, Tiger version pages 464 to 466. I recommend buying it:
    http://img259.imageshack.us/img259/7756/picture1cu2.jpg
     
  18. Ella1 macrumors newbie

    Joined:
    Dec 21, 2007
    #18
    Thanks! For once, a clear, concise explanation!
     
  19. LightDemon69 macrumors member

    Joined:
    Feb 3, 2008
    Location:
    Levan, Utah
    #19
    That is what is called a Disk Image (.dmg) file. (http://en.wikipedia.org/wiki/.dmg) When you download something in Mac OS X, it downloads as a .dmg file. When you run this file, it creates a "virtual" hard drive (which is what the Firefox volume you spoke of is). Inside this Virtual Volume is the application you want. When you open this volume, instead of running Firefox from here, copy the Firefox application in the Virtual Volume to the "Applications" folder on your Mac's hard drive. This installs Firefox. Then you can eject the Virtual Volume (drag it to the trash or highlight it and press Command+E) and go ahead and run Firefox from the Applications folder. (Also, if you have put the Firefox application from the Virtual Volume in your dock, delete that icon, and make a new one from the Firefox in your Applications folder.)
     
