
shanshor

I hear news stories about the Conficker worm that will supposedly take over our computers. Are Macs safe from Conficker? Does it only affect Windows? And will ClamXAV scan it?
 
As should usually be noted, if there is a Windows installation on your Mac (e.g. Bootcamp, etc), then it is still generally just as vulnerable to the exploit as any other Windows PC.

Also for what it's worth / for completeness's sake...

http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx

The exploit was actually patched in October 2008, before Conficker went in the wild, so as I understand it, users of Windows who routinely implemented the MS critical security updates should already have been protected. (My XP/SP3 box got it in November, I guess essentially when I turned it on and ran the updater.)
 
FYI, just make sure you patch the buffer overflow issue MS08-067 and update A/V if you run a Windows Boot Camp.
 
It can't happen. Don't worry about it. It is physically impossible.

It's probably a bit shortsighted to say that it's a physical impossibility; let me explain why I think so.

As has been mentioned, the Conficker worm was not developed for non-NT environments; in fact, in its current state it won't work outside of a Windows environment, so you're pretty safe.

However, it's premature to say that the worm will not be altered and re-engineered to target nix-based systems. If the worm continues to grow at its current rate, I'd estimate it'll be cross-platform compatible by the end of the summer.
 
However, it's premature to say that the worm will not be altered and re-engineered to target nix-based systems. If the worm continues to grow at its current rate, I'd estimate it'll be cross-platform compatible by the end of the summer.

Ahhh, I looked that up, and I guess there is a method by which it can infect (but not resist detection, necessarily) a patched Windows machine?

Certainly there have been Trojans in the wild on OS X, although for the most part they still involve downloading and installing software from a suspect source. Gotta continue to be careful....
 
It's all about attack vectors.

A large majority of Mac users employ the Firefox web browser, which has recently been subject to disclosure of vulnerabilities that allow for "drive by downloads"; one could implement such a "drive by download" with the objective of infecting the target(s) with a modified (nix-based) Conficker or similar worm.

There's not a system in the world that's invulnerable, however using a Mac makes you much less of a target, right now at least and hopefully into the future.
 
Look through the ClamAV database. It lists a single OS X threat: "OSX.DNSChanger", which is actually OSX.RSPlug.A, which was discovered in late 2007.
 
Look through the ClamAV database. It lists a single OS X threat: "OSX.DNSChanger", which is actually OSX.RSPlug.A, which was discovered in late 2007.

Yeah, so it doesn't only detect Win threats.

One round in the magazine is still enough to kill.
 
As it happens, neither the insertion vector nor the exploit program works on a Mac. However, this doesn't mean your computer is unaffected by the likely consequences of having this worm in the wild: it will surely become a spam botnet or, less likely, used in a denial of service attack. In either case, your computer can still get spammed / DOS'd.

Anyway, this is one awesome little worm, I think we can all agree to that.
 
Damn you, NotjustJay...you beat me to the punch. Well done!

Prediction: It begins to learn at a geometric rate, and becomes self-aware at 2:14 a.m. Eastern time, August 29th.

I was ready to type and you did it first.

Hasta la vista (or is it 'MS VISTA'), Baby!
 
Look through the ClamAV database. It lists a single OS X threat: "OSX.DNSChanger", which is actually OSX.RSPlug.A, which was discovered in late 2007.

I did and you are wrong..

Here are three I found with the first search I did.


OSX.RSPlug
OSX.Trojan-2
Trojan.Exploit.Osx.Launch.B
OSX.DNSChanger
 
They're all patched and old, though, so they're moot.

Still, I think there is an impression that Clam is just a detector of Windows infections, and that, when these Mac exploits do arise, they are not detected by Clam. That is incorrect -- Clam does carry whatever OS X virus/etc definitions exist, and these definitions are generally updated as necessary.

If a new OS X virus, trojan, worm, etc appears, it will not generally be picked up by a virus checker any more than a new Windows virus or trojan would be. But this is merely a statement that the way virus checking for Mac OS is, is the same as virus checking for Windows.

In short, Clam does check for OS X viruses, and its definitions are / would be updated for any as they arise, although it practically is moot because there really aren't many.
 
I must have missed those 3.

OSX.DNSChanger is OSX.RSPlug.A.

They are all old and patched. Nothing released in the past two years is on there, so Clam is not a good solution for detecting OS X threats.
 