It took a couple of reloads in Safari, for it to show up, but it did eventually.

It auto-downloaded a file named "object.cfm"

Norton antivirus immediately gave me the following warnings

"0224653983-3385959983.cache is infected with Bloodhound.exploit.6"

followed by

"proc-.jar-438026a9-412f6e85.zip is infected but cannot be cleaned"

It quarantined both of those files.
 
Cybernanga said:
It took a couple of reloads in Safari, for it to show up, but it did eventually.

It auto-downloaded a file named "object.cfm"

Norton antivirus immediately gave me the following warnings

"0224653983-3385959983.cache is infected with Bloodhound.exploit.6"

followed by

"proc-.jar-438026a9-412f6e85.zip is infected but cannot be cleaned"

It quarantined both of those files.

Interestingly, Virex called it by a different name, but an infected file nonetheless.

Code:
Scanning file /Users/yellow/Desktop/Downloads/object.cfm
/Users/yellow/Desktop/Downloads/object.cfm
        Found the Generic Dropper.b trojan !!!
 
Jvaska, your host is infected. Get them on the phone, and make sure they do something about it.

Mac Users, while this won't attack or harm our Macs, we can still transmit the virus to our PC brethren, so please do the responsible thing, and use an Anti-Virus to clean your Mac, especially if you visited the test site mentioned in this thread.

Oh, if you use VPC, or similar, make sure you run an Anti-Virus in there as well.
 
Cybernanga said:
Jvaska, your host is infected. Get them on the phone, and make sure they do something about it.

Mac Users, while this won't attack or harm our Macs, we can still transmit the virus to our PC brethren, so please do the responsible thing, and use an Anti-Virus to clean your Mac, especially if you visited the test site mentioned in this thread.

Oh, if you use VPC, or similar, make sure you run an Anti-Virus in there as well.

How would it spread from a Mac to a PC if it isn't also a Mac virus? If not it would require someone to manually mail that file to someone or share it through some file-sharing, which isn't going to happen, unless of course someone wants to hurt a Windows user on purpose. ;)
 
gekko513 said:
How would it spread from a Mac to a PC if it isn't also a Mac virus? If not it would require someone to manually mail that file to someone or share it through some file-sharing, which isn't going to happen, unless of course someone wants to hurt a Windows user on purpose. ;)

A file is a file, whether or not it's a virus. A different file can do different things on different systems. Not necessarily speaking of this particular case, the Mac itself cannot become infected, but could pass along files that could infect others. Apparently inadvertent transfers do happen.

The currently available crop of Mac anti-virus programs basically police such transfers, since they have nothing as of yet from which to protect the Mac itself.
 
mcgarry said:
A file is a file, whether or not it's a virus. A different file can do different things on different systems. Not necessarily speaking of this particular case, the Mac itself cannot become infected, but could pass along files that could infect others. Apparently inadvertent transfers do happen.

The currently available crop of Mac anti-virus programs basically police such transfers, since they have nothing as of yet from which to protect the Mac itself.

How would the file pass itself on to a Windows host? It's not like my (randomly picked) com.elgato.eyetv.plist file in my Library suddenly shows up on my brother's Windows PC, is it?

If it does have a mechanism to automatically spread from a Mac, it must be considered to be a Mac virus, too.

I appreciate the better safe than sorry thinking, but I really don't think it is necessary to install anti-virus just for this file. I think there are other valid reasons to install anti-virus on a Mac, but this file isn't one of them, unless, like I said, it is a Mac virus, also.
 
There is a conclusion to this story. After we went back and forth looking at the problem it was realized that the old server needed to be seriously looked at (I'm assuming they will give it an overhaul). In two years this is the first time something like this has happened with my host.

Today, we decided we'd just move me to a new server to get it over with quickly. Done.

I do want to add, that while at times the tech support could have been a little more on the ball, once the powers that be at JIffynet caught wind of all of this they took action very quickly. ;)
 
gekko513 said:
How would the file pass itself on to a Windows host? It's not like my (randomly picked) com.elgato.eyetv.plist file in my Library suddenly shows up on my brother's Windows PC, is it?

If it does have a mechanism to automatically spread from a Mac, it must be considered to be a Mac virus, too.

I appreciate the better safe than sorry thinking, but I really don't think it is necessary to install anti-virus just for this file. I think there are other valid reasons to install anti-virus on a Mac, but this file isn't one of them, unless, like I said, it is a Mac virus, also.

If a Windows user sends me an infected file, the virus can't do anything while it's on my Mac, because the virus's code doesn't tell it how to behave on a Mac, but the virus code is still in the file, so if I then send this same file to an uninfected Windows user, the virus would still be able to infect their machine, because it is now in an environment where it knows how to behave.

Having anti-virus software on my Mac will help prevent the virus from spreading. This is polite behaviour especially if you connect to Windows networks, or send email attachments back and forth between different Windows users.
 
Cybernanga said:
If a Windows user sends me an infected file, the virus can't do anything while it's on my Mac, because the virus's code doesn't tell it how to behave on a Mac, but the virus code is still in the file, so if I then send this same file to an uninfected Windows user, the virus would still be able to infect their machine, because it is now in an environment where it knows how to behave.

Having anti-virus software on my Mac will help prevent the virus from spreading. This is polite behaviour especially if you connect to Windows networks, or send email attachments back and forth between different Windows users.

How will the virus spread if you connect to a Windows network? You have to physically move the file yourself. And why would you forward an e-mail containing a virus (it's not like you need an anti-virus program to spot them)? That doesn't make any sense...
 
I believe this is a first for me. Can someone alleviate my fear?

++++++++++++++++++++++++++++++++++++++
VIRUS BLOCKER MESSAGE STATUS
++++++++++++++++++++++++++++++++++++++

+ Virus successfully cleaned out of attachment(s):
No attachments are in this category.

+ Attachment(s) deleted due to virus:
1. Doll.zip: W32.Beagle@mm!zip


+++++++++++++++++++
Powered by Symantec
+++++++++++++++++++

++++++++++++++++++++++++++++++++++++++
VIRUS BLOCKER MESSAGE STATUS
++++++++++++++++++++++++++++++++++++++

+ Virus successfully cleaned out of attachment(s):
No attachments are in this category.

+ Attachment(s) deleted due to virus:
1. Cool_MP3.zip: W32.Beagle@mm!zip


+++++++++++++++++++
Powered by Symantec
+++++++++++++++++++
 
It's a win32 virus.

It cannot harm your mac.

Don't worry, there are still no OS X viruses.
 
funny

As I started reading this thread, I decided to run Norton AV, first time in 6 months. When I got to page 3 of this thread Norton AV was half thru scanning my hard drive, then Norton gave me a nice kernel panic :eek:
 
Mitthrawnuruodo said:
How will the virus spread if you connect to a Windows network? You have to physically move the file yourself. And why would you forward an e-mail containing a virus (it's not like you need an anti-virus program to spot them)? That doesn't make any sense...

What in God's name are you talking about? Cybernanga is exactly correct. Antivirus software on the Mac prevents your becoming an inadvertent carrier of Windows viruses. He did not say that Windows viruses can be executed on the Mac. However, antivirus software will disinfect files that originated on Windows computers and warn that the virus exists. Your notion that you can spot an infected file by sight is just silly.

Personal Example: One of my colleagues had to do a PowerPoint presentation. His Windows laptop failed a few minutes before he was to go on. I pressed my PowerBook into service to aid him. He loaded his .ppt file on my computer and gave the presentation without a hitch. Later, I installed antivirus software on the PowerBook. The software revealed that the .ppt file was infected with a rather common Windows virus. It is possible that the virus caused the Windows laptop to fail in the first place. Although it was too late for my colleague, the antivirus program disinfected the file. At any rate, if antivirus software had been installed on my computer at the time, I would have known about the virus. I could have explained to my colleague that his Windows computer was infected. I could have scolded him about not properly protecting it. You see, in the real world where people work together, having a Windows computer down because of a virus creates problems for everyone. Although I was happy to be able to help my Windows-using colleague, his virus infection created extra work for me.
 
Agathon said:
It's a win32 virus.

It cannot harm your mac.

Don't worry, there are still no OS X viruses.

Thank you, because for some reason I'm receiving at least one or two of them a day. So I have just been deleting them.
 
reckless_0001 said:
That's why web hosting servers should all be unix based.. :D

If that was meant as a dig against IIS, then you shouldn't get overconfident--this particular attack was specifically directed against Linux servers running Apache, as in this case (though the original exploit took advantage of an IIS hole, I believe).

There's no particular reason that it couldn't have targeted UNIX as well--once the server is compromised (which this one was), there's nothing stopping the attacker from installing something to do an exploit like this (randomly insert malicious JS into pages served) regardless of what the server is running (this page has a PDF that explains how a similar attack was carried out: http://vitalsecurity.org/sp2phase3.htm ).

Not to say that *nix and Apache aren't more secure than Win and IIS, but they're not immune to exploits if they're not managed properly (which, based on the "old server" comment earlier in this thread, it sounds like this one wasn't).

I didn't see this thread when it was first posted, but it's a very interesting read.
 