Help! Do I have malware?

Discussion in 'Mac Apps and Mac App Store' started by Ran23, Aug 21, 2012.

  1. Ran23, Aug 21, 2012
    Last edited: Aug 21, 2012

    Ran23 macrumors newbie

    Joined:
    Aug 21, 2012
    #1
    Hi all,

    Long time reader here, first time poster...

    I have Little Snitch installed. I use an app [that shall remain nameless in case this is a false alarm], but I was recently reviewing connection attempts in Little Snitch, and it claims that [this app] accessed "anonops.com" I checked this website and it seems to be an IRC server run for/by Anonymous (?) but I don't really know. I know it gets its app updates by connecting to [this app's official domain], so this was something different.

    Can anyone shed any light as to why [this app] was trying to access this domain? I don't want to accuse anyone of making malware, but obviously if the developer was responsible I can't just ask them and assume I'd be given an honest answer.

    I'm running Mountain Lion and follow security best practices (don't open/install packages unless I know where they come from, browse the web with Java disabled, use Click2Flash and AdBlock, have "open safe files" disabled, no pirated software, etc.) so I wouldn't have thought I'd have been infected with anything.

    I'm open to any suggestions as what to do next. (I cross-posted this question to apple.stackexchange.com too) Unfortunately, I haven't been able to detect another connection attempt yet otherwise I could try and figure out what's going on.

    I just want to emphasise I'm not accusing the developer of anything. If, somehow, I do have malware maybe it's possible it's just using this application to access the Internet? Or maybe there's a legitimate reason it would need to contact this domain?

    Any help would be *really* appreciated.

    Thank you.
     
  2. Ran23 thread starter macrumors newbie

    Joined:
    Aug 21, 2012
    #2
    Possibly a false alarm. I've been told that Little Snitch uses reverse DNS to find out what website an app is trying to access, and that [this developer's] website may just be hosted on the same service as the other site . . .
     
  3. allan.nyholm macrumors 6502a

    allan.nyholm

    Joined:
    Nov 22, 2007
    Location:
    Aalborg, Denmark
    #3
    Couldn't you just tell us the name of this app so that we have a fighting chance of investigating it ourselves? I for one would like to know if I have that app and if it's doing stuff I should be aware of.
     
  4. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #4
    What is the name of the app? Where did you get it from?
     
  5. Ran23 thread starter macrumors newbie

    Joined:
    Aug 21, 2012
    #5
    I contacted the developer, and got a response, and it looks like it was just a glitch: the developer uses the same content delivery service as that Anonymous website, which is why when Little Snitch looked up the IP address it returned the wrong URL.

    I'm just posting to say it seems like a false alarm, and I really do appreciate the replies here. I just didn't want to name the app until I gave the developer a chance to respond, because it could have created a load of bad publicity for them when it turned out to be something completely innocent. So I thought not naming them (at least until I heard the developer's response) was the responsible thing to do...

    I'd asked the question originally mostly to see if this would have alarmed anyone else if they'd seen this happen, or if I was worrying about nothing.
     

Share This Page