Possible Attack?

Discussion in 'MacBook Pro' started by Inspired, May 11, 2011.

  1. Inspired macrumors regular

    Inspired

    Joined:
    Jun 9, 2009
    #1
    So I was playing neopets a few days ago.(not a big gamer, I like simple games). And suddenly this popped out of no where. It started downloading a .DMG file, I immediately cancelled it. I didn't think too much about it ever since. Then the next day I was playing neopets again and same thing happened. Everything on my Activity Monitor looks normal. The free anti-virus software I use like ClamXav doesn't show anything. SO now I turn to you Guru's of MR to give me my final verdict. Is there anything I should worry about?
     

    Attached Files:

  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    There has never been a virus in the wild that affects Mac OS X since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some education and common sense and care in what software you install:
    The first section of that link deals specifically with the MacDefender/MacSecurity/MacProtector issue, which is what you encountered. I encourage you to read it.
     
  3. Inspired thread starter macrumors regular

    Inspired

    Joined:
    Jun 9, 2009
    #3
    Thanks GGJstudios. I've read it before, I just like to double check. :) You're awesome.
     
  4. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #4
    the apple sec you see being downloaded is a well known trojan. It's also called MacDefender and there are several threads about it. You can tell it;s a scam since it says you have 62 viruses on your computer. there has never been a virus on osx in the wild.
     
  5. jtara macrumors 65832

    Joined:
    Mar 23, 2009
    #5
    You've given us a screenshot, but you haven't said of what. What is "this"? This kind of looks like a screenshot of Finder, but not quite. Were you browsing the web? You say you were playing "neopets", but I have no idea what that is (an application? a web-based game?) so you need to explain that to those of us who are in the dark about "neopets".

    If this is a browser window, I imagine whatever website you were browsing is either infected or carries some deceptive advertising which popped this up.

    Of course, you should NEVER approve the installation of software when you yourself didn't initiate the download.

    While it's NOT true that "there has never been a virus in the wild that affects OSX, this is certainly some sort of scam, and isn't something provided by Apple.
     
  6. Kebabselector macrumors 68030

    Kebabselector

    Joined:
    May 25, 2007
    Location:
    Birmingham, UK
    #6
    Can you provide a link for this information?
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    Read the link I posted. It tells you exactly what it is.
    Yes, it IS true. Prove otherwise by naming one virus in the wild that affects Mac OS X. Just one.
     
  8. Macsavvytech macrumors 6502a

    Macsavvytech

    Joined:
    May 25, 2010
    #8
    GGJs please just let it go this time I can't afford anymore popcorn. If you guys start arguing about a fact which is true (Stated by GGJs: Never been a viruse ever for Mac OSX in the wild), I might end up using biscuits instead of popcorn ;( .
     
  9. Jiten macrumors 6502a

    Jiten

    Joined:
    Jul 16, 2008
    #9
    Yeah, I seem to have encountered something similar when I clicked on a random ad (can't remember). It played an animation that it was scanning my Mac and automatically triggered a download of a zip file. I promptly closed the window, canceled the download and deleted the file.
     
  10. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #10
    Sorry, I won't let it go. People who read these threads for years to come can be misled by such false statements. It's really silly how many threads there are on this, and how many continue to post things that aren't true, even with so many examples where others have posted the same thing, only to be proven wrong every single time. You'd think they'd do even a tiny bit of research to prevent embarrassing themselves in an open forum by displaying their lack of knowledge about this topic.

    Now, do you want butter for your popcorn? Salt? Want a drink with that? :D
     
  11. Inspired thread starter macrumors regular

    Inspired

    Joined:
    Jun 9, 2009
    #11
    Sorry to interrupt

    This thread is not to discuss the existence of viruses on MAC OS X. I simply wanted to double check with the community to see if I may have been attack. Obviously I have not. GGJ, as much as I enjoy watching your epic battles with skeptics, I do not wish for it to happen to this thread. TO ANYONE WHO WISHES TO CHALLENGE GGJ on the existence of wild viruses on OS X, PLEASE START ANOTHER THREND. BE WARNED: If you are unable to show us one piece of evidence where there has been a virus in the wild affected the OS X, you should probably stop wasting your time. THANKS AGAIN FOR ALL THE FEEDBACK I RECEIVED.

    [THREAD CLOSE]
     
  12. wpotere Guest

    Joined:
    Oct 7, 2010
    #12
    Out of popcorn myself! :p That being said, we have been beating off a lot of virus misinformation lately. Glad to see GGJ on it! :D
     
  13. Ccrew, May 12, 2011
    Last edited: May 12, 2011

    Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #13
    Otherwise:

    http://www.sophos.com/en-us/press-office/press-releases/2006/02/macosxleap.aspx

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99

    From the Sophos link:

    Is Leap-A a virus or a Trojan?
    Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

    However, this is not the definition of a Trojan horse.

    A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

    Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

    OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

    Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.
     
  14. wpotere Guest

    Joined:
    Oct 7, 2010
    #14
    Sophos is going to tell you want you want to hear so that they can sell software to you. By definition Leap-A is NOT a virus as it can not self replicate.

    If I have a product to sell I would do my best to market it as a NEED as well. :rolleyes:
     
  15. Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #15
    You're splitting hairs. It qualifies.

    "Definition: In computer technology, viruses are malicious software programs, a form of malware. By definition, viruses exist on local disk drives and spread from one computer to another through sharing of "infected" files. Common methods for spreading viruses include floppy disks, FTP file transfers, and copying files between shared network drives."
     
  16. wpotere Guest

    Joined:
    Oct 7, 2010
    #16
    It is still a worm, not a virus, there is a difference and in this case it does require the user to intervene. So we are really not splitting hairs, just calling it how we see it.

    Sophos is a company that produces software, they are going to market it in a way that makes you want to buy it. If you are that scared then go for it. :rolleyes: However, I have been running my mac on open networks for many years and not once have I had a problem. I recently installed Norton just to see if it would find anything. Guess what? It found nothing and when I tried to remove Norton, it trashed the system and I had to rebuild it. As a computer professional I don't recommend it as there is just not a significant threat. Just be careful and don't install software that you don't know where it came from (torrents or automatic downloads) and you will be fine.

    The person splitting hairs here is you. You are trying to make something that simply isn't. Do you work for Sophos?
     
  17. Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #17
    No, I run IT for a major news organization. Which means I'm around people that will analyze the whole situation and the information available rather than depend on personal beliefs and conjecture. Multiple links above from multiple sources. You seems to be falling back to Sophos. I don't. I can find you links all day.

    GGJStudios who is the master of posting links said post them. I did. Including the quote about the fanboi claims that there was no virus ever....
     
  18. wpotere Guest

    Joined:
    Oct 7, 2010
    #18
    You make no sense... Leap-A still requires user intervention to be installed so having a program to sense it is still pointless. It is still classified as a worm and not a virus, even on the sites that you listed so I fail to see your point. GGJ is correct, OSx is still virus free. I fall back to Sophos because that is all you seem to post.
     
  19. GGJstudios, May 12, 2011
    Last edited: May 12, 2011

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #19
    From the Symantec link you posted:
    The Leap worm is delivered over the iChat instant messaging program as a gzip-compressed tar file called latestpics.tgz. For the worm to take effect, the user must manually invoke it by opening the tar file and then running the disguised executable within.
    The OSX.Leap.A trojan cannot infect or spread without the user actively making that happen. It does not meet the criteria for a virus:
    This specific discussion about this trojan has been discussed repeatedly in this forum, such as in this thread: Has anybody ever had a virus on their mac? It simply is NOT a virus. If you think it is, you don't understand the difference between a virus and a trojan. Thanks for playing. Try again.
     

Share This Page