Mac OS Safe From CONFICKER Worm???

Discussion in 'macOS' started by shanshor, Mar 29, 2009.

  1. shanshor macrumors regular

    Joined:
    Jan 4, 2008
    #1
    :eek:I hear news stories about the conficker worm that will supposedly take over out computers. Are Macs safe from Conficker? Does it only effect Windows? And will ClamXAV scan it?
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    Yes, yes, and yes.

    And it affects Windows. Or it has an effect on Windows. It does not effect Windows -- that means something completely different. :p
     
  3. smurfjammer macrumors 6502a

    smurfjammer

    Joined:
    Jun 7, 2004
    Location:
    Auckland, New Zealand
    #3
    Q1 Yes
    Q2 Yes
    Q3 Yes

    (Damm beaten by mkrishnan)
     
  4. joe01 macrumors member

    joe01

    Joined:
    Jul 8, 2008
    Location:
    Tx
    #4
    Conficker

    Is there any mac antivirus that can preevent Conflick worm ?
     
  5. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #5
    It can't happen. Don't worry about it. It is physically impossible.
     
  6. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    As should usually be noted, if there is a Windows installation on your Mac (e.g. Bootcamp, etc), then it is still generally just as vulnerable to the exploit as any other Windows PC.

    Also for what it's worth / for completeness's sake...

    http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx

    The exploit was actually patched in October 2008, before Cornficker went in the wild, so as I understand it, users of Windows who routinely implemented the MS critical security updates should already have been protected. (my XP/SP3 box got it in November, I guess essentially when I turned it on and ran the updater).
     
  7. acurafan macrumors 6502a

    Joined:
    Sep 16, 2008
    #7
    fyi, just make sure you patch the buffer overflow issue MS08-067 and update a/v if you run a windows bootcamp.
     
  8. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #8
    Someone just watched 60 Minutes didn't they?

    In before running Win32 on OS X using nothing but OS X.
     
  9. McKnight macrumors member

    McKnight

    Joined:
    Mar 29, 2009
    #9
    It's probably a bit short sighted to say that it's a physical imposibility, let me explain why I think so.

    As it's been mentioned the Conflicker Worm was not developed for Non-NT environments, infact in its current state it won't work outside of a Windows environment so you're pretty safe.

    It's however, premature to say that the worm will not be altered and re-engineered to target nix based systems. If the worm continues to grow at its current rate i'd estimate it'll be cross-platform compatible by the end of the summer.
     
  10. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #10
    Ahhh, I looked that up, and I guess there is a method by which it can infect (but not resist detection, necessarily) a patched Windows machine?

    Certainly there have been Trojans in the wild on OS X, although for the most part they still involve downloading and installing software from a suspect source. Gotta continue to be careful....
     
  11. McKnight macrumors member

    McKnight

    Joined:
    Mar 29, 2009
    #11
    It's all about attack vectors.

    A large majority of Mac users employ the Firefox web browser which has recently been subject to disclosure of vulnerabilities that allow for "drive by downloads", one could implement such a "drive by download" with the obejctive of infecting the target(s) with a modified (nix based) Conflicker or similar worm.

    There's not a system in the world that's invulnerable, however using a Mac makes you much less of a target, right now at least and hopefully into the future.
     
  12. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #12
    Clam will detect it, as ClamXAV only detects Windows threats.
     
  13. Objectivist-C macrumors 6502

    Joined:
    Jul 1, 2006
    #13
    [Citation needed]
     
  14. lostngone macrumors demi-god

    lostngone

    Joined:
    Aug 11, 2003
    Location:
    Anchorage
    #14
    That is incorrect, it will detect some Mac OS X threats.
     
  15. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #15
    Look through the ClamAV database. It lists a single OS X threat: "OSX.DNSChanger", which is actually OSX.RSPlug.A, which was discovered in late 2007.
     
  16. McKnight macrumors member

    McKnight

    Joined:
    Mar 29, 2009
    #16
    Yeah, so it doesn't only detect Win threats.

    One round in the magazine is still enough to kill.
     
  17. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #17
    Not when it's been patched for about a year, it isn't.
     
  18. mason.kramer macrumors 6502

    mason.kramer

    Joined:
    Apr 16, 2007
    Location:
    Watertown, MA
    #18
    As it happens, neither the insertion vector nor the exploit program works on a Mac. However, this doesn't mean your computer is unaffected by the likely consequences of having this worm in the wild: it will surely become a spam botnet or, less likely, used in a denial of service attack. In either case, your computer can still get spammed / DOS'd.

    Anyway, this is one awesome little worm, I think we can all agree to that.
     
  19. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #19
    Prediction: It begins to learn at a geometric rate, and becomes self-aware at 2:14 a.m. Eastern time, August 29th.
     
  20. elgrecomac macrumors 65816

    elgrecomac

    Joined:
    Jan 15, 2008
    Location:
    San Diego
    #20
    Damn you, NotjustJay...you beat me to the punch. Well done!

    I was ready to type and you did it first.

    Hasta la vista (or is it 'MS VISTA'), Baby! :rolleyes:
     
  21. lostngone macrumors demi-god

    lostngone

    Joined:
    Aug 11, 2003
    Location:
    Anchorage
    #21
    I did and you are wrong..

    Here are three I found with the first search I did.


    OSX.RSPlug
    OSX.Trojan-2
    Trojan.Exploit.Osx.Launch.B
    OSX.DNSChanger
     
  22. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #22
    They're all patched and old, though, so they're moot.
     
  23. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #23
    Still, I think there is an impression that Clam is just a detector of Windows infections, and that, when these Mac exploits do arise, they are not detected by Clam. That is incorrect -- Clam does carry whatever OS X virus/etc definitions exist, and these definitions are generally updated as necessary.

    If a new OS X virus, trojan, worm, etc appears, it will not generally be picked up by a virus checker any more than a new Windows virus or trojan would be. But this is merely a statement that the way virus checking for Mac OS is, is the same as virus checking for Windows.

    In short, Clam does check for OS X viruses, and its definitions are / would be updated for any as they arise, although it practically is moot because there really aren't many.
     
  24. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #24
    I must have missed those 3.

    OSX.DNSCHanger is OSX.RSPlug.A.

    They are all old and patched. Nothing released in the past two years is on there, so Clam is not a good solution for detecting OS X threats.
     
  25. sleepdeprived macrumors newbie

    Joined:
    Mar 7, 2008
    #25
    OMG!
    LOL!
    *sigh*

    Thanks for my first good laugh today!
    :)
     

Share This Page