Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

A Worm/Trojan on my Mac?

G

Germacintosh

macrumors newbie
Original poster
Hey there,

I use the istat-pro widget to monitor my system and found out that I have permanent outbound traffic! My MacBook sends data with 150k/s or more to an unknown recipient and I fear this might be some sort of worm/trojan?

I (have to) use Sophos Anti Virus and the LittleSnitch Firewall which are always running and the traffic exists, even when no applications run that use an internet connection! (Within seconds after plugging in the network cable)

Is there a worm scanner out there or could you guys help me with analysing my processes or recommending a tool that gives me more details about where the data is actually going to?

Thanks for all your help in advance!😕
 
You can use Activity Monitor (/Applications/Utilities/Activity Monitor) to see what processes are running. If there's ones you don't recognize (which there may be a number of harmless ones you don't recognize) and do searches on them or post them here to get feedback. Likely, it's nothing though. There are no "real" worms or trojans in the wild for Mac.
 
Thanks. I was just going to look through all of these, but it wont make much sense, since I made a serious mistake: Its all incoming Traffic! (I never thought of that, because it comes in with 200k or more.) So actually nothing sends data but my Macbook receives strange amounts of data from somewhere!
 
I've spoken to the University's IT Staff and they told me they're having problems with the network and are going to rearrange it somehow. So no need the worry. Anyway, thanks for you help!
 
chaos86 said:
IBR?

(internet background radiation?)
Click to expand...

Remnants from the creation of the Internet...? (If you subscribe to the Big ARPAnet theory; personally, I believe that the Great Flying Spaghetti Router linguini'd the interweb into existence by touching His noodly appendage to a series of tubes.)
 
mustang_dvs said:
Remnants from the creation of the Internet...? (If you subscribe to the Big ARPAnet theory; personally, I believe that the Great Flying Spaghetti Router linguini'd the interweb into existence by touching His noodly appendage to a series of tubes.)
Click to expand...

lol. youre awesome.

IBR is the name Steve Gibson gave the packets that seem to always be hitting your router or computer from the WAN port. In theory they come from a variety of sources like:
- trojans and worms on thousands of unpatched versions of windows across the world looking to spread
- misrouted packets that finally found their way out of routing loops and headed to your IP, which used to be someone elses IP
- pings from hackers seeing if your computer is there, and has any of this week's exploitable holes
- bot instructions sent to blocks of IPs by an owner of a botnet, intended to call any bots it reaches into action
etc


all of this will just bounce off a NAT router and your computer would never see it, but if you have DMZ on, or the computer hooked into the net directly, you get the whole flood.
 
OSX firewall question

The omniscient consultant who set up my Mac insisted there is no firewall on my Mac and no need for one. But, thanks to what I learned in this thread, I was able to find it buried under File Sharing, Advanced. I normally ignore anything called Advanced, because I am not.

I just checked these two boxes. What's the downside of doing so? UDP Traffic doesn't sound very appealing but is it something I want? And will Stealth Mode prevent me from getting software update information?

[ ] Block UDP Traffic
Prevents UDP communications from accessing resources on your computer.

[ ] Enable Stealth Mode
Ensures that any uninvited traffic receives no response – not even an acknowledgement that your computer exists.
 
mustang_dvs said:
Remnants from the creation of the Internet...? (If you subscribe to the Big ARPAnet theory; personally, I believe that the Great Flying Spaghetti Router linguini'd the interweb into existence by touching His noodly appendage to a series of tubes.)
Click to expand...

Rad. The Flying Spaghetti Router, son of the Flying Spaghetti Monster. I knew he had a son.
Germacintosh, thanks for the info. I didn't know iStat Pro monitored your traffic as well. This may be a silly question, but how do we know all the free apps/software out there for Macs are safe to download? Certainly the ones on the Apple site are fine, but what about others? How do you know which ones are safe and which aren't? (Sorry to hijack)
 
Pukey said:
Rad. The Flying Spaghetti Router, son of the Flying Spaghetti Monster. I knew he had a son.
Germacintosh, thanks for the info. I didn't know iStat Pro monitored your traffic as well. This may be a silly question, but how do we know all the free apps/software out there for Macs are safe to download? Certainly the ones on the Apple site are fine, but what about others? How do you know which ones are safe and which aren't? (Sorry to hijack)
Click to expand...

Download stuff from reputable sites such as VersionTracker or MacUpdate
 
hey are you lying to us? i thought they were non existent as I saw on the apple-vs-pc commercial.

i like what the handsome guy said on commercial.
 
Thanks neil321, that is good info. Ok, just to show how new I am to OS X here's a funny question. When I downloaded Firefox it showed up as a volume on my Desktop, kind of like a external HD image, but with the Firefox logo on it. Why is that? Should I put it in any particular folder? Getting rid of it didn't seem to allow Firefox to work. So what is this?
 
Ella1 said:
The omniscient consultant who set up my Mac insisted there is no firewall on my Mac and no need for one. But, thanks to what I learned in this thread, I was able to find it buried under File Sharing, Advanced. I normally ignore anything called Advanced, because I am not.
Click to expand...

u may want to start doubting his omniscience 🙂
 
Ella1 said:
The omniscient consultant who set up my Mac insisted there is no firewall on my Mac and no need for one. But, thanks to what I learned in this thread, I was able to find it buried under File Sharing, Advanced. I normally ignore anything called Advanced, because I am not.

I just checked these two boxes. What's the downside of doing so? UDP Traffic doesn't sound very appealing but is it something I want? And will Stealth Mode prevent me from getting software update information?

[ ] Block UDP Traffic
Prevents UDP communications from accessing resources on your computer.

[ ] Enable Stealth Mode
Ensures that any uninvited traffic receives no response – not even an acknowledgement that your computer exists.
Click to expand...


Here's what it says about that in David Pogue's very helpful Missing Manual, Tiger version pages 464 to 466. I recommend buying it:
http://img259.imageshack.us/img259/7756/picture1cu2.jpg
 
Pukey said:
Thanks neil321, that is good info. Ok, just to show how new I am to OS X here's a funny question. When I downloaded Firefox it showed up as a volume on my Desktop, kind of like a external HD image, but with the Firefox logo on it. Why is that? Should I put it in any particular folder? Getting rid of it didn't seem to allow Firefox to work. So what is this?
Click to expand...

That is what is called a Disk Image (.dmg) file. (http://en.wikipedia.org/wiki/.dmg) When you download something in Mac OS X, it downloads as a .dmg file. When you run this file, it creates a "virtual" hard drive (Which is what the Firefox volume you spoke of is). Inside this Virtual Volume is the application you want. When you open this volume, instead of running Firefox from here, copy the Firefox application in the Virtual Volume to the "Applications" folder on your Mac's hard drive. This installs Firefox. Then you can eject the Virtual Volume (drag it to the trash or highlight it and press Command+E) and go ahead an run Firefox from the Applications folder. (also, if you have put the Firefox application from the Virtual Volume in your dock, delete that icon, and make a new one from the firefox in your Applications folder)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back