Has anybody ever had a virus on their Mac?

[GGJstudios]

Yeah, they do exist. It is significantly harder to get one than the PC.

No, they don't.

yes its true I had 3 viruses according to sophos anti virus apart from that flawless

They weren't Mac viruses, since none exist that run on current Mac OS X.

Viruses for Mac OSX DO exist, theres just not anywhere near as many.

No they don't. Prove me wrong by naming just ONE!

they CAN get them but its very rare

Yes, Macs CAN get a virus. They are not immune. But one would have to be created first, and released into the wild where an average Mac user can encounter it. That hasn't ever happened for Leopard or Snow Leopard. There hasn't been a virus in the wild that affected current Mac OS X for over 5 years.

Read and learn: Mac Virus/Malware Info

 

[old-wiz]

I'm late to the party on this one they CAN get them but its very rare and I have never gotten one in the 5 months I have owned my Mac.

There are no viruses for the Mac. In the 5 years I have used OSx, never a virus or a trojan or malware. I practice safe computing and use no virus scanner. Most of the virus scanners they sell are themselves malware.

 

[SkippyThorson]

There are NO viruses for the Mac. None. Zip. Zero. Nada.

The only viruses that exist are the users (half of those here) who BELIEVE that there are, and insist on spreading the word that there are. You know what? Those users have not the slightest idea what differentiates a Virus from a Trojan or Malware. They are NOT the same thing.

For the life of me, I can't understand why people think or assume that there are, and then spread their gospel as fact, when it's all fiction. Especially when there's no proof to back up their claim. Even better, possibly, is when they post some bogus article (like those here) that claims there is a Virus, when it's not a Virus at all. Still, the kiddies believe it.

Does anyone find it weird that not one person in this thread has actually had a Virus, EVER, yet some still claim they exist? Weird! Why does everyone think everything is real?

Well you know what? My name is Sasquatch, I live in the Adirondacks, and I happily exist, along with my cocker spaniel / black bear mix, Spot. In 2011, I'll be on America's Got Talent, doing a fire juggler routine.
^ Truest thing in this thread... ^

 

[Mac'nCheese]

There are NO viruses for the Mac. None. Zip. Zero. Nada.

The only viruses that exist are the users (half of those here) who BELIEVE that there are, and insist on spreading the word that there are. You know what? Those users have not the slightest idea what differentiates a Virus from a Trojan or Malware. They are NOT the same thing.

For the life of me, I can't understand why people think or assume that there are, and then spread their gospel as fact, when it's all fiction. Especially when there's no proof to back up their claim. Even better, possibly, is when they post some bogus article (like those here) that claims there is a Virus, when it's not a Virus at all. Still, the kiddies believe it.

Does anyone find it weird that not one person in this thread has actually had a Virus, EVER, yet some still claim they exist? Weird! Why does everyone think everything is real?

Well you know what? My name is Sasquatch, I live in the Adirondacks, and I happily exist, along with my cocker spaniel / black bear mix, Spot. In 2011, I'll be on America's Got Talent, doing a fire juggler routine.
^ Truest thing in this thread... ^

I can tell you how some stories about virus for macs are spread. Well before I joined this forum, I owned a mac simply because they were easier to use, care for and my wife was a teacher and all of her work programs were mac-based. I knew next to nothing about them. Anyway, one day I noticed my internet was really slow. A bunch of calls back and forth between me and apple and cablevision later, the apple rep found that I had two addresses listed under my internet connection (Don't ask, I have long forgotten more details, but I do remember seeing under the tcp or dns or some other tab, two different sets of numbers). Anyway, the rep said to download a virus program, run it and check the tab again. I should have only one address after ridding my computer of the "virus" that was making the two addresses fight. I downloaded, ran the program (it found and cleaned up something, again, too long ago to remember), went back to that tab, saw only one address and my internet was fine. So, of course, I was now one of the infamous "macs can get viruses" crew. It wasn't to years later, when I joined macrumors and related this story, that I was told, very nicely by many members here that I may have had something going on but it was in no way, shape or form, a virus. I know better now after those posts (and some quick googling on my own) but that's an example of how an apple "genius" can help spread the nasty macs can get viruses virus.

P.S. Did you edit out your post title?

 

[GGJstudios]

but I do remember seeing under the tcp or dns or some other tab, two different sets of numbers).... went back to that tab, saw only one address and my internet was fine....but that's an example of how an apple "genius" can help spread the nasty macs can get viruses virus.

This is a good example. There are too many out there who call themselves "experts" or "geniuses" who don't know what they're doing. Your situation sounds like it was a simple case of DNS settings being changed. The "expert's" first mistake was to claim that having two IP addresses in your DNS settings was "making the two addresses fight", which is ridiculous. It's normal to have two IP addresses there, one for the primary DNS server, and one for the secondary.

The problem is, too many computer-illiterate folks end up asking other folks for help, who themselves are computer-illiterate. It's the blind leading the blind. It's not the fault of the average user who needs help. There are too many people who freely offer advice when they don't know what they're talking about.

 

[munkery]

http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

OSX/Leap.a, just like Boonana, is a bad attempt at malware that really was not very malicious at all.

The following is a quote from the individual that first disassembled OSX/Leap.a:

-- It doesn't actually do anything other than attempt to propagate itself via iChat, and then only via Bonjour! (aka "Rendezvous) -- it does not send itself over the Internet, rather just to your local Bonjour user list.

-- It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching

-- It's not particularly sophisticated

--I'd really be tempted to call this thing a non-event; it's poorly written, can't spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all--

Also, OSX/Leap.a would only propagate via Bonjour on PPC Macs so it was even less problematic on Intel Macs.

 

[Mac'nCheese]

This is a good example. There are too many out there who call themselves "experts" or "geniuses" who don't know what they're doing. Your situation sounds like it was a simple case of DNS settings being changed. The "expert's" first mistake was to claim that having two IP addresses in your DNS settings was "making the two addresses fight", which is ridiculous. It's normal to have two IP addresses there, one for the primary DNS server, and one for the secondary.

The problem is, too many computer-illiterate folks end up asking other folks for help, who themselves are computer-illiterate. It's the blind leading the blind. It's not the fault of the average user who needs help. There are too many people who freely offer advice when they don't know what they're talking about.

The same guy also told me that apple was soon to face hard times and I should dump my apple stock and let his guy, Bernie Madoff, invest all my money. Shouldn't have listen to him at all.

 

[gnasher729]

Iwork 2009 had viruses attached to the files. Also Bit torrent files can have viruses. Last reported was also 2009. Check out the link i post above. Most recent is 2009.

iWork 2009 did _not_ have any viruses attached. However, there were sites that seemed to offer pirated versions of iWork 2009, specially modified to cause your Macintosh harm. Since you had to download this software yourself (knowing clearly that it was at least illegal, and common sense would say that it could be expected harmful), install it yourself, and get around two warnings that MacOS X gives you, it is not a virus. And you had to be quite stupid and greedy to be affected by this in the first place.

 

[bobr1952]

It is so frustrating reading through these "virus" threads. In one post someone very accurately and definitively details the differences between virus, trojan, and malware--then the very next thread someone lumps them all together again as a virus. Maybe to some it doesn't matter but it does to those who understand the big difference--user intervention--and that brings into play the best anti-virus (currently) for os-x--common sense. Only use your admin password when you absolutely know why os-x is asking for it--safe computing is sound computing.

 

[MacsAreBetter\]

No.

I have been using a Mac for exactly a year. This day last year I bought a MB Pro. At first (first couple of days) I was relatively cautious, and installed 2 anti-viruses and scanned everything I downloaded/received from a USB.
So I decided to give up and just forgot about it. I un-installed the anti-viruses and just used the computer as usual.

There hasn't been 1 virus or even warning of a virus since then. And mind you, I have browsed the realms of the internet, from 4chan and imageboards, to hardcore porn, to everywhere else you could imagine.

You're safe. You can trust on that one.

Funny story though, the day I ran BootCamp and installed Win7, it went to sh*ts on day 2, after I got a virus which screwed up that partition. Easily just removed the partition without the Mac side damaged.

 

[Old Muley]

The last time I recall seeing a Mac virus was back in college, around 1987 or 1988. I don't recall what it was called, but it moved through a lab via bootable floppies and messed up a lot of machines. Of course this was back in the pre-OSX days (actually pre-System 7 at that point), so I don't even know if it should count. I didn't own a Mac at that time (I had an Apple ][c) so it wasn't somthing I gave much thought to at the time. Since purchasing my first Mac in '91, I've never seen a virus on any of my machines nor have I sprung for any anti-virus software.

As others have stated, a virus is not a Trojan, is not a worm, is not malware. You can't "catch" something that doesn't exist. Might as well be asking how did you treat your most recent case of smallpox.

 

[GGJstudios]

As others have stated, a virus is not a Trojan, is not a worm, is not malware.

Actually, a virus (along with trojans, worms, spyware, etc.) is a form of malware, but your point is well-taken.

 

[SkippyThorson]

I can tell you how some stories about virus for macs are spread. Well before I joined this forum, I owned a mac simply because they were easier to use, care for and my wife was a teacher and all of her work programs were mac-based. I knew next to nothing about them. Anyway, one day I noticed my internet was really slow. A bunch of calls back and forth between me and apple and cablevision later, the apple rep found that I had two addresses listed under my internet connection (Don't ask, I have long forgotten more details, but I do remember seeing under the tcp or dns or some other tab, two different sets of numbers). Anyway, the rep said to download a virus program, run it and check the tab again. I should have only one address after ridding my computer of the "virus" that was making the two addresses fight. I downloaded, ran the program (it found and cleaned up something, again, too long ago to remember), went back to that tab, saw only one address and my internet was fine. So, of course, I was now one of the infamous "macs can get viruses" crew. It wasn't to years later, when I joined macrumors and related this story, that I was told, very nicely by many members here that I may have had something going on but it was in no way, shape or form, a virus. I know better now after those posts (and some quick googling on my own) but that's an example of how an apple "genius" can help spread the nasty macs can get viruses virus.

P.S. Did you edit out your post title?

Interesting story, for sure. I agree with the fact that the "Virus" program definitely did the trick, and you're right, it did get rid of that offending application, whatever it was. The problems I see are A) the Genius saying the word "Virus" in the first place, and B) the program you ran being called an "Anti-virus program". What you described is awkwardly common, and I just don't know why.

*No, I didn't change my post title, but the MacRumors mods apparently don't like references to the Blues Brothers. That's the second movie quote I've had removed.*

The last time I recall seeing a Mac virus was back in college, around 1987 or 1988. I don't recall what it was called, but it moved through a lab via bootable floppies and messed up a lot of machines. Of course this was back in the pre-OSX days (actually pre-System 7 at that point), so I don't even know if it should count. I didn't own a Mac at that time (I had an Apple ][c) so it wasn't somthing I gave much thought to at the time. Since purchasing my first Mac in '91, I've never seen a virus on any of my machines nor have I sprung for any anti-virus software.

As others have stated, a virus is not a Trojan, is not a worm, is not malware. You can't "catch" something that doesn't exist. Might as well be asking how did you treat your most recent case of smallpox.

Since Viruses install themselves with no user input, and those people had to insert the bootable floppies, that was also not a virus, but a cleverly written program that was physically put on the targeted (or not targeted) machines that used it. (Someone, correct me if I'm wrong - just throwing it out there.)

 

[Macginger]

Maybe to some it doesn't matter but it does to those who understand the big difference--user intervention.

I totally agree, whether it's a virus or a trojan it's still an attack on you, it's personal and damaging.
Some will turn to Apple in the belief that they'll be safe no matter what they browse or download, and will inadvertently enter passwords without really knowing what they're doing. Coming from a Microsoft world I can appreciate how they could feel, not everyone is technical minded in this fast paced cyber world.
So I suppose it's a case of helping the complete novice, who might/will make mistakes in the early stages of transgression to Apple, what protection can they use while they learn?
No condoms please

 

[mjsmke]

No, they don't.

They weren't Mac viruses, since none exist that run on current Mac OS X.

No they don't. Prove me wrong by naming just ONE!

Yes, Macs CAN get a virus. They are not immune. But one would have to be created first, and released into the wild where an average Mac user can encounter it. That hasn't ever happened for Leopard or Snow Leopard. There hasn't been a virus in the wild that affected current Mac OS X for over 5 years.

Read and learn: Mac Virus/Malware Info

First recorded virus for Mac OS 1982 - Elk Cloner virus, capable of infecting the boot sector of Apple II computers.

1987 - The nVIR virus began to infect Macs, spreading mainly by floppy disk. Source code was later made available, causing a rash of variants.

1988 - HyperCard viruses emerged that could run on versions of Apple's Mac OS 9. One version showed the message "Dukakis for President" before self-destructing.

1990 - The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.

1995 - Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs. Thousands of macro viruses followed, many affecting Microsoft Office for Mac.

1996 - Laroux, the first Excel virus, was released. Mac users were unaffected until the release of Excel 98 meant Macs could become infected.

1998 - Sevendust, also known as 666, infected applications on Apple Mac computers.

2004 - The Renepo script worm attempted to disable Mac OS X security, downloaded hacking tools to affected computers, and gave criminals admin rights to the Apple Macintosh. Hackers also wrote a proof-of-concept program called Amphimix which demonstrated how executable code could be disguised as an MP3 music file on an Apple Mac.

2006 - Leap-A, the first ever virus for Mac OS X was discovered. Leap-A can spread via iChat.
The Inqtana worm and proof-of-concept virus soon followed.

2007 - Sophos discovered an OpenOffice multi-platform macro worm capable of running on Windows, Linux and Mac computers. The BadBunny worm dropped Ruby script viruses on Mac OS X systems, and displayed an indecent JPEG image of a man wearing a rabbit costume.
Sophos reported the first financial malware for Mac. The gang developed both Windows and Mac versions of their malware.

2008 - Cybercriminals targeted Mac and PC users in equal measure, by planting poisoned adverts on TV-related websites. If accessed via an Apple Mac, surfers would be attacked by a piece of Macintosh scareware called MacSweeper.
In June, the OSX/Hovdy-A Trojan horse was discovered that could steal passwords from Mac OS X users, open the firewall to give access to hackers, and disable security settings.
Troj/RKOSX-A was discovered - a Mac OS X tool to assist hackers create backdoor Trojans, which can give them access and control over your Apple Mac computer.
In November, Sophos warned of the Jahlav Trojan, and Apple issued a support advisory urging customers to run anti-virus software.

2009 - In January 2009, hackers began to distribute the OSX/iWorkS-A Trojan horse via BitTorrent inside pirated versions of Apple's iWork '09 software suite.
In the same month, a new variant of the Trojan was distributed in a pirated version of Adobe Photoshop CS4.
In March, Sophos reported on how hackers were planting versions of the RSPlug Trojan horse on websites, posing as amn HDTV program called MacCinema. View a video of this attack here.
In June, SophosLabs discovered a new version of the Tored email worm for Mac OS X, and hackers planted a version of the Jahlav Mac Trojan horse on a website posing as a portal for hardcore porn videos.
Shortly afterwards, the Twitter account of celebrity blogger Guy Kawasaki had a malicious link posted onto it, claiming to point to a sex video of Gossip Girl actress Leighton Meester. In reality, however, the link lead unsuspecting users to malware which could infect Mac users.

Shall i go on to explain what/how these viruses work?

While I don't need to justify the existence of Mac viruses/Malware/Spyware/Trojons etc. If anyone chooses to believe they do or don't exist is up to you. The OP asked a question and there are 2 answers, yes and no. Anyone saying they do exist has no reason to lie.

 

[GGJstudios]

Since Viruses install themselves with no user input, and those people had to insert the bootable floppies, that was also not a virus, but a cleverly written program that was physically put on the targeted (or not targeted) machines that used it. (Someone, correct me if I'm wrong - just throwing it out there.)

Yes, they were viruses. A virus can spread itself simply through the presence of additional hard drives, floppies, etc. to spread to. That's not considered user input just to attach such media. User intervention for trojans means you have to launch and install the trojan, which usually involves entering your admin password on a Mac. In other words, for a trojan to spread, the user has to directly interact with the trojan. For a virus to spread, the user can be completely unaware that anything is happening.

I totally agree, whether it's a virus or a trojan it's still an attack on you, it's personal and damaging.
Some will turn to Apple in the belief that they'll be safe no matter what they browse or download, and will inadvertently enter passwords without really knowing what they're doing. Coming from a Microsoft world I can appreciate how they could feel, not everyone is technical minded in this fast paced cyber world.
So I suppose it's a case of helping the complete novice, who might/will make mistakes in the early stages of transgression to Apple, what protection can they use while they learn?
No condoms please

You misread the post that you quoted. The point is, there is a big difference between a virus and a trojan:

You have a house that you want to keep protected from burglars. One type of burglar has a way of getting into your house without you being aware or doing anything, such as down the chimney, through a window, etc. That's a virus.

The other type simply knocks on the door and tells you it's a Girl Scout selling cookies. You unlock and open the door, inviting the "Girl Scout" inside, your house says "Are you SURE you want to let them in? They could be a burglar in disguise!", you answer, "Yes, I'm sure I want to let them in!" and do so, only finding later that it was really a burglar. That's a trojan.

Using a Mac, there simply are no burglars out there in any neighborhood that climb down chimneys or crawl through windows. The only kind out there than can affect Macs are those that knock on the door, and there are only a handful of those. Using common sense and knowing not to open the door is the best defense.

The OP asked a question and there are 2 answers, yes and no. Anyone saying they do exist has no reason to lie.

I'll address your post in a few minutes.

 

[SkippyThorson]

People will always say they exist, and people will always prove they don't, and the cycle will never end.

Can we end this thread now before it turns into flame bait extreme?

 

[GGJstudios]

While I don't need to justify the existence of Mac viruses/Malware/Spyware/Trojons etc. If anyone chooses to believe they do or don't exist is up to you. The OP asked a question and there are 2 answers, yes and no. Anyone saying they do exist has no reason to lie.

It's irresponsible posts like this that mislead people who don't take the time to verify details. Then you hear someone saying, "I read somewhere that Macs DO have viruses...".

Shall i go on to explain what/how these viruses work?

No, I'll do that for you.

First recorded virus for Mac OS 1982 - Elk Cloner virus, capable of infecting the boot sector of Apple II computers.

1987 - The nVIR virus began to infect Macs, spreading mainly by floppy disk. Source code was later made available, causing a rash of variants.

1988 - HyperCard viruses emerged that could run on versions of Apple's Mac OS 9. One version showed the message "Dukakis for President" before self-destructing.

1990 - The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.

1995 - Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs. Thousands of macro viruses followed, many affecting Microsoft Office for Mac.

1996 - Laroux, the first Excel virus, was released. Mac users were unaffected until the release of Excel 98 meant Macs could become infected.

1998 - Sevendust, also known as 666, infected applications on Apple Mac computers.

No one has said that Macs never have gotten viruses or malware. The fact is, there has been NO virus IN THE WILD that affects CURRENT Mac OS X (Leopard or Snow Leopard) and none ever have. If you read the link I posted, I explain that very clearly. None of the above can affect Leopard or Snow Leopard.

Hackers also wrote a proof-of-concept program called Amphimix which demonstrated how executable code could be disguised as an MP3 music file on an Apple Mac.

Proof-of-concepts don't count and are no threat, as they are not released in the wild where an average Mac user can encounter them. The only way you can get a proof-of-concept virus is to break into the lab where it was created and steal it.

2006 - Leap-A, the first ever virus for Mac OS X was discovered. Leap-A can spread via iChat.
The Inqtana worm and proof-of-concept virus soon followed.

Leap was inaccurately called a virus. It is, in fact, a trojan that can easily be avoided like all other trojans: by using common sense.

The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.

2007 - Sophos discovered an OpenOffice multi-platform macro worm capable of running on Windows, Linux and Mac computers. The BadBunny worm dropped Ruby script viruses on Mac OS X systems, and displayed an indecent JPEG image of a man wearing a rabbit costume.
Sophos reported the first financial malware for Mac. The gang developed both Windows and Mac versions of their malware.

Again, this is not a virus, as the user must initiate it. From the Sophos site:

The SB/Badbunny-A worm first infects you when you open an OpenOffice Draw file called badbunny.odg.

2008 - Cybercriminals targeted Mac and PC users in equal measure, by planting poisoned adverts on TV-related websites. If accessed via an Apple Mac, surfers would be attacked by a piece of Macintosh scareware called MacSweeper.

Again, this trojan required the user to download and activate it. Not a virus.

In June, the OSX/Hovdy-A Trojan horse was discovered that could steal passwords from Mac OS X users, open the firewall to give access to hackers, and disable security settings.

Again, from the Sophos website:

Like many Windows attacks, this Mac Trojan horse relies on the user giving it permission to install itself. Using social engineering techniques, the Trojan horse could be disguised as a game, a video codec, or a handy new utility.

Troj/RKOSX-A was discovered - a Mac OS X tool to assist hackers create backdoor Trojans, which can give them access and control over your Apple Mac computer.

Another trojan for those foolish enough to download software from a porn site. From Sophos:

As with RSPlug, this most recent Trojan horse is being spread in an unoriginal way. Joe User visits a website expecting to see a video of something pornographic, but is told that they have to install a 'missing Video ActiveX object' before it can be viewed. The downloaded software, however, is in reality a piece of Mac OS X malware.

In November, Sophos warned of the Jahlav Trojan, and Apple issued a support advisory urging customers to run anti-virus software.

Variant of another trojan, not a virus:

The trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse.

2009 - In January 2009, hackers began to distribute the OSX/iWorkS-A Trojan horse via BitTorrent inside pirated versions of Apple's iWork '09 software suite.

Another trojan, which those infected got what they deserved, for pirating software.

In the same month, a new variant of the Trojan was distributed in a pirated version of Adobe Photoshop CS4.

Ditto. If you're foolish enough to pirate software, you get what you deserve. Again, this requires the user be foolish enough to download and actively install the app. That makes it a trojan, not a virus.

In March, Sophos reported on how hackers were planting versions of the RSPlug Trojan horse on websites, posing as amn HDTV program called MacCinema. View a video of this attack here.

Trojan. You know the drill.

In June, SophosLabs discovered a new version of the Tored email worm for Mac OS X, and hackers planted a version of the Jahlav Mac Trojan horse on a website posing as a portal for hardcore porn videos.

Trojan. If you're dumb enough to download and install software from a porn site.....

Shortly afterwards, the Twitter account of celebrity blogger Guy Kawasaki had a malicious link posted onto it, claiming to point to a sex video of Gossip Girl actress Leighton Meester. In reality, however, the link lead unsuspecting users to malware which could infect Mac users.

That's the same OSX/Jahlav-C trojan as previously discussed. Don't download and install apps from porn sites!

Not a single item you listed is a virus in the wild that runs on Leopard or Snow Leopard. Every trojan can be avoided by not pirating software or installing software from porn sites or being careless about entering your admin password.

Sophos wants to sell their anti-virus, so they try to make things sound worse than they are. Any Mac user who exercises common sense has no need for anti-virus to protect their Macs.

 

[mjsmke]

The thread is about Macs in general not just Leopard and Snow Leopard.

The thread has turned into a debate about the corrrect terminology of 'viruses'.

At the end of the day its wise to install a decent Anti 'virus' software on any computer, Mac or PC. (running indows on a Mac means you are at the same risk towards 'viruses' as a PC).

 

[munkery]

First recorded virus for Mac OS 1982 - Elk Cloner virus, capable of infecting the boot sector of Apple II computers.

1987 - The nVIR virus began to infect Macs, spreading mainly by floppy disk. Source code was later made available, causing a rash of variants.

1988 - HyperCard viruses emerged that could run on versions of Apple's Mac OS 9. One version showed the message "Dukakis for President" before self-destructing.

1990 - The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.

1995 - Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs. Thousands of macro viruses followed, many affecting Microsoft Office for Mac.

1996 - Laroux, the first Excel virus, was released. Mac users were unaffected until the release of Excel 98 meant Macs could become infected.

1998 - Sevendust, also known as 666, infected applications on Apple Mac computers.

These are for legacy Mac OS (not UNIX based, etc) so not applicable to Mac OS X.

Shall i go on to explain what/how these viruses work?

For the ones relevant to OS X, please do!

Some represent 3 of 4 known Trojans for OS X. All of which are easily avoided with user knowledge. For example, do not authenticate a password prompt for an installation you have not explicitly initiated and do not install software from untrusted sources (i.e. pirated software and porn codecs).

The others (such as Amphimix, BadBunny, Inqtana) cause no damage so not really relevant and are proof of concepts that were not seen in the wild. No damage because no privilege escalation.

 

[bobr1952]

The thread is about Macs in general not just Leopard and Snow Leopard.

The thread has turned into a debate about the corrrect terminology of 'viruses'.

At the end of the day its wise to install a decent Anti 'virus' software on any computer, Mac or PC. (running indows on a Mac means you are at the same risk towards 'viruses' as a PC).

Yes--but what you really do is confuse new users--who most likely are on Leopard or Snow Leopard--and you don't emphasize that they can avoid trojans by using some common sense when it comes to any prompt that asks for their admin password. Yes, this is a Mac forum so from my thinking, what we should be concerned with is the best and simplest way to protect Mac users. I for one have no problem with any Mac user who choses to run an anti-virus package for whatever reason they choose to do so, but some of us choose to use the common sense approach--which costs nothing and uses no CPU cycles.

 

[GGJstudios]

The thread is about Macs in general not just Leopard and Snow Leopard.

If you read the link I posted: Mac Virus/Malware Info, you would see that there have been viruses in the past that affected older versions of Mac OS, but not current versions, which the vast majority of Mac users are running.

The thread has turned into a debate about the corrrect terminology of 'viruses'.

As already explained, there is a big difference in viruses and trojans. It matters.

At the end of the day its wise to install a decent Anti 'virus' software on any computer, Mac or PC.

It may be your opinion that you prefer to run AV on your Mac, but not doing so is not unwise. It simply means you elect not to bog down your Mac with needless software.

(running indows on a Mac means you are at the same risk towards 'viruses' as a PC).

Running Windows is running Windows.... no matter what hardware you're running it on. The Mac OS X is not at risk from viruses that may infect a Windows partition.

Here's the bottom line: If you CHOOSE to run anti-virus on your Mac, you MAY do so. It is misleading to imply that a Mac user SHOULD run anti-virus in order to protect them from malware. A Mac user may choose to scan for Windows viruses to protect other Windows users, but they have no obligation or responsibility to do so. Each computer user is responsible for their own security.

 

[mjsmke]

Again this is for Mac OSX and not specifically Leopard/Snow Leopard:

http://news.techworld.com/security/5392/worlds-first-os-x-virus-hits-apple/

Also from a link i post earlier:
The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless...........
........Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

 

[GGJstudios]

Again this is for Mac OSX and not specifically Leopard/Snow Leopard:

http://news.techworld.com/security/5392/worlds-first-os-x-virus-hits-apple/

Go back and read in the link I posted about what a virus is and what a trojan is.

Leap-A—or Oompa Loompa, as it’s also known—is a potentially malicious program that’s disguised as a simple image file. This method of delivery is known as a Trojan horse, because it’s one thing pretending to actually be something else. In its present form, the code is hiding in a file named latestpics.tgz , which purports to be a picture of something interesting (OS X 10.5 spy shots, in this case). After expanding the compressed archive, and then double-clicking what appears to be an image file, the Leap-A malware will launch and install itself on your system.

Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.
Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.
OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users.

Unlike a virus, Leap-A cannot spread to another computer unless that user invites it by double-clicking the file to launch it. Therefore, it IS a trojan, since it cannot infect other computers without the users of those computers enabling it.

 

[munkery]

The following quote is from this article.

By definitions above, is Leap-A a traditional virus?

It doesn’t propagate externally, so no, it’s not a true Virus, as it does not attach itself to another file. It is what it is; disguised.

It’s not a Worm because it must travel computer to computer by using human intervention, right? Worms are automated.

What’s left? Trojan Horse. In this case, Leap-A does not infect other files, and, only because it’s poorly done, doesn’t have the ability to self-replicate.

It’s a Trojan Horse.

Until there’s a better argument, based on more accurate facts, OS X Leap-A appears to be a poorly constructed Trojan Horse, which could be considered to be a poorly written Worm, or a non-virulent Virus. Since most of the security sites are labeling it as a minor threat, I’ll go with Trojan Horse, if only because of definition; ineffective Worm if you need to argue for the sake of argument.

It is hard to define what a piece of malware is when it hardly does anything at all.

As stated previously, OSX/Leap.a, just like Boonana, is a bad attempt at malware that really was not very malicious at all.

The following is a quote from the individual that first disassembled OSX/Leap.a:

-- It doesn't actually do anything other than attempt to propagate itself via iChat, and then only via Bonjour! (aka "Rendezvous) -- it does not send itself over the Internet, rather just to your local Bonjour user list.

-- It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching

-- It's not particularly sophisticated

--I'd really be tempted to call this thing a non-event; it's poorly written, can't spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all--

Also, OSX/Leap.a would only propagate via Bonjour on PPC Macs so it was even less problematic on Intel Macs. No real damage as no privilege escalation.