Yet another "Mac Viruses" Thread

[Oral B]

I've seen many people on here saying that there are no documented cases of viruses ever hitting the Mac. The things that people say were viruses were really trojans or malware, but never an actual virus. I took there word for it, and threw that little tidbit into a presentation I just did for class.

Some guy in there argued against that, saying that Macs have been infected in the past. I said that they couldn't have been viruses, and must have been a trojan or another form of malware. Not a virus. So, I got home, jumped on here again and confirmed everyone saying that there are no documented viruses ever. Well, he just sent me a pretty nifty list of viruses. Here it is:

1982: 15-year-old Rich Skrenta creates the first known Macintosh viruses to go wild, Elk Cloner. The boot sector virus spreads itself on Apple II computers via infected floppy disk, and results in a short poem showing up every 50th boot.

1994: The short-lived INIT-29-B virus modifies system files and other applications, sometimes crashing the system.

1995: The HyperCard HC-9507 virus puts Mac users in a “pickle” by spreading to other HyperCard stacks.

1998: The “Hong Kong virus” (actually a worm called AutoStart 9805) uses the AutoPlay feature of QuickTime to infect PowerPCs by copying itself across disk partitions.

2006: The OSX/Leap-A (aka OSX.Oomp) worm spreads through the iChat buddy lists by sharing the file latestpics.tgz file (falsely advertised as leaked screenshots of the new OS 10.5 Leopard).

2006: The proof of concept virus OSX.Macarena poses no threat, but can infect files in the current folder of Intel-based Macs.

2008: The Trojan horse AppleScript.THT takes advantage of vulnerability in the Remote Desktop Agent feature, hides itself from the firewall and allows hackers to take control of the infected computer.

2008: The OSX.Lamzev.A and OSX.TrojanKit.Malez Trojan horses are created to open a back door. Fortunately, a hacker would pretty much have to have control of your Mac already to use it.

2008: Masquerading as a video codec on adult websites (always a tip-off), the OSX.RSPlug.D Trojan allows a remote server to download files.

2009: Illegally downloaded copies of the popular software iWork ’09 and Adobe Photoshop CS4 come with the malicious OSX.Iservice and OSX.Iservice.B Trojans used to steal users passwords in attempts to create iBotNet.

2010: A new iteration of the Trojan horse OSX/HellRTS threatens to duplicate itself and open a backdoor for hackers.

2011: Rogue antivirus program (aka "scareware") MACDefender attempts to convince users to install the fake Mac security software, which then pushes porn popups to encourage you to purchase the software to "fix" the problem.

Most look like trojans. But what's up with INIT-29-B? Is this just more confusion between viruses and other forms of malware, or were the people on here telling me that a virus has never hit the Mac misinformed?

 

[chown33]

1982: 15-year-old Rich Skrenta creates the first known Macintosh viruses to go wild, Elk Cloner. The boot sector virus spreads itself on Apple II computers via infected floppy disk, and results in a short poem showing up every 50th boot.

There were no Macs in 1982. A Mac is not an Apple II. Different CPUs, OSes, etc. And the floppy-disk drives are completely different: 3.5" vs. 5-1/4". So "Not a Mac virus"; not even Mac malware of any kind.

I said that they couldn't have been viruses, and must have been a trojan or another form of malware. Not a virus.

This is simply wrong.

There were INIT viruses that spread via floppy disk on earlier Macs. I had to fix a program I wrote so it wouldn't crash when it got infected, so the malware definitely existed, and it was a self-propagating malware that spread by adding itself to programs on disk. So that's pretty much the definition of a virus.

You are mistaking "No Mac OS X virus" for "No Mac OS virus". Mac OS X is Unix based; Mac OS (or Mac System Software) was the predecessor OS, and had a completely different design.

You may also be mistaking "No current Mac OS X virus" for "No Mac OS virus ever, either past or present".

 

[pdjudd]

How can I respond to this? It looks like most are torjans, but what's up with INIT-29-B and the others?

Most of them are trojans, but some of them were virus' but none of them really were designed for anything approaching modern hardware. They were built for different OS's (Not OSX) and even different hardware platforms and reference software that no longer exists.

OS9 did have some viruses, but OSX doesn't have anything in the wild except for the one in 2006 (which I don't even think was ever in the wild anyhow) which is nothing more than a POC and is over 8 years old at this. Everything else is for older legacy non OSX systems or is not a "virus"

It is very accurate to say OSX doesn't get viruses. That doesn't contradict the list you gave at all. For something to be a virus it has to be something very specific.

 

[Oral B]

Awesome, thanks a lot guys!

 

[Gregg2]

There were no Macs in 1982.

A dubious source then, eh?

I could never get my early 1997 iPhone to work either.

 

[cody92]

It is very accurate to say OSX doesn't get viruses. That doesn't contradict the list you gave at all. For something to be a virus it has to be something very specific.

I have to disagree with you there. Any OS that can execute a program that can have read and write access to where other programs are stored(even if root required) can "get" a virus. There may not be any documented cases out there of anything major, but it's easy and highly possible to do.

Windows users are usually easy targets and have more users, so all the effort goes there. A lot of people just click "Yes" at the UAC window even if the publisher is unknown.

Back to Mac, once you give a process superuser privileges(whether it be the GUI enter your password way or through "sudo"), that process can infect other applications and you would be screwed. Same exact thing with a linux distro.

Therefore, Mac does/can "get" viruses, they are just much more rare.

 

[Gregg2]

Therefore, Mac does/can "get" viruses, they are just much more rare.

In fact, a Mac OSX virus is so rare, that not a single one has ever been documented, or discovered for that matter. So to your statement, I say, "can", maybe so, "does", no, not so far.

That bit about there being more Windows computers making them targets for malicious hackers, yada, yada, yada, is an urban myth. Also a myth, that it's easy to write a virus for a Mac. It isn't. But, you can prove me wrong: write one and release it. You'll make the evening news!

 

[cody92]

That bit about there being more Windows computers making them targets for malicious hackers, yada, yada, yada, is an urban myth. Also a myth, that it's easy to write a virus for a Mac. It isn't. But, you can prove me wrong: write one and release it. You'll make the evening news!

This view seems naive. Do you know what makes a machine vulnerable? Well we can start by imagining visiting a malicious website on a windows machine vs. say a mac. Say they are using an exploit on particularly the firefox browser, maybe buffer overflow. With that overflow they inject some shell code(machine code). This shell code is for WINDOWS(!) because it calls an interrupt to launch a particular system call. Guess what? That system call is either different or may not exist on a mac. Heck, that exploit may not exist on the browser in another OS. This is a hacking way of doing it. Of course there is an easier way where you could just trick the user with some social engineering to install the virus.

Anyway, writing a virus on a mac is on average the same difficulty as on windows. Point is, with root privileges(UAC on windows), a process can do whatever it wants to the machine, including corrupting your disk. I can write a program to show you, but I think there is even an easier way just by writing a simple bash script. If you really want to see it, put Mac OS X on a VM so it won't kill your system. Why wouldn't the following script work to cause destruction?

DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU'RE DOING!!

#!/bin/bash
dd if=/dev/zero of=/dev/disk0 bs=4k conv=notrunc

Pulled that pretty much right off the dd utility wikipedia page.

 

[Gregg2]

If it was so easy, there would be a virus that affects Mac OSX. There isn't.

 

[simsaladimbamba]

@ cody92

As you probably know, a virus is a piece of malware that installs itself and propagates itself WITHOUT USER INTERACTION.
What you described needs user interaction and does not propagate itself.

And that market share / popularity argument can easily be debunked, as Mac OS 8 and 9 has had 70 to 80 viruses affecting it. Now as you probably know, there have not been iPods or iPhones and iPads back then, but as those three products stimulated Mac growth quite a lot, there are now more Macs running Mac OS X than there have been computers running System 1 to System 7 and Mac OS X 7.6 to Mac OS 9, which indicates, that there are more Macs now being virus free than there have been in the 90s.

While Mac OS X is not malware free, it is harder to write viruses for them, as they need escalated privileges and Mac OS X does not give them without user consent. The past exploits often called viruses for Mac OS X have been trojans or scareware, user interaction has been needed to install them and those "viruses" did not propagate themselves.

If you want to learn more about malware in Mac OS X and what steps can be taken to protect yourself, read the following F.A.Q.:

Mac Virus/Malware Info by GGJstudios​

 

[aristobrat]

Anyway, writing a virus on a mac is on average the same difficulty as on windows. Point is, with root privileges(UAC on windows), a process can do whatever it wants to the machine, including corrupting your disk. I can write a program to show you, but I think there is even an easier way just by writing a simple bash script.

I think the bigger issue here is semantics.

For a lot of people, the term "virus" implies that the code not only does something bad (like your DD example), but the code is also written to be able to replicate itself to other computers (unlike your DD example).

To your original point, yeah, it's quite easy to write code that does something bad. And it's probably not too difficult to find a way to trick a user into giving their credentials to the OS to run that code with full administrator rights. And nobody's denying that these types of things don't already exist for OS X -- they most definitely do.

But if that code stays on that person's Mac and doesn't trying to spread itself, then using the common definition of the term "virus", it doesn't qualify IMO. Is OS X invulnerable to these types of things? Absolutely not.

Is it as easy to write a true virus on OS X as it is on Windows? I don't have anything factual to answer that with, but I'd think that the first person who does that will get so much "street cred" for having done so, it's impossible to understand why it hasn't been done yet (if it was really as easy).

----------

While Mac OS X is not malware free, it is harder to write viruses for them, as they need escalated privileges and Mac OS X does not give them without user consent.

Additionally, (at least to me) it seems a default install of OS X has fewer "services" turned on that are listening on the network than older versions of Windows (like XP) do.

IMO, that reduces the number of vectors/potential hack points/whatever for a virus to try and exploit when trying to find a way to propagate itself without user interaction.

 

[cody92]

The script was a proof of concept. A virus of course attaches itself to other programs. The point was that all it needs is root privileges to do so. Now, there have been patched exploits in the recent past that allowed malware to make its way as root. These same exploits can be used by viruses and probably have. Maybe not a sophisticated one since we didn't hear about it. But also remember that there could be thousands of undiscovered exploits, maybe some known by some guy in his moms basement running a private website.

Anyway, it really is a "myth" to say that a Mac can't get a virus. Seems silly to assume we would all know if one existed.

 

[simsaladimbamba]

Anyway, it really is a "myth" to say that a Mac can't get a virus. Seems silly to assume we would all know if one existed.

If you have read any of the posts, we do not say, that Macs do not get viruses, it is just, that there has been no virus affecting Mac OS X in public circulation yet, and that has been the case for over a decade. Maybe someone will write a virus once and release it to the public, and I agree with aristobrat, it would be big news and a lot of hype for that one programmer out there. It would not go unnoticed, believe us.

It might not be titled the first Mac OS X virus, since it has been used quite often already, even if the malware discovered was not a virus.

Anyway, since you do not seem to have any proof (we cannot give you proof of something that does not exist), this thread will probably end like almost any Mac OS X virus thread on here.

 

[cody92]

It is very accurate to say OSX doesn't get viruses.

Sounds kinda like that's what he's saying.

Malware is much more useful economically than a virus, so any exploit found is used for malware instead of a virus. It will happen soon I'm sure. As Mac gets more popular because of Microsoft's mistake. Mac will be a target. Think about android? "Malware" has been all over the place because its easy to post it where android users will see and android is commonly used. Apple of course has to approve an app so it doesn't happen that often on iOS. Windows has been a target because of popularity and also the number of computer illiterate users. Not necessarily because its an "easy" target.

 

[aristobrat]

Sounds kinda like that's what he's saying.

I think there's a difference between the words DON'T and CAN'T.

"Macs running OS X today don't get viruses, because there aren't any out there for them to get". That is a true statement at the moment.

IMO, that's completely different from saying "Macs running OS X today can't get viruses". That's never a true statement.

As Mac gets more popular because of Microsoft's mistake. Mac will be a target.

The facts show that Macs do NOT need to be popular in order to have viruses.

Between 1997 and 2001, when Macs were extremely unpopular (as compared to their current popularity), there were 80-90 different Mac OS 8 and Mac OS 9 viruses.

Then Apple releases Mac OS 10 (X), and the viruses went from 80-90 down to zero, where the count has basically stayed for the last 13 years.

 

[cody92]

Also, without user consent does not fall with the term "virus". Some odd 90% of windows "viruses" are done by user consent. They are tricked into giving the virus escalated privileges. It would be the same with a Mac, but again, Mac users aren't faced with so many fake applications that pose as real applications that windows users do. So once the popularity hits high enough, they will be the same thing for Mac. Tricking users into giving escalated privileges just like most windows viruses.

Why waste time writing a Mac virus when a windows virus will give you much more and easier targets?

 

[simsaladimbamba]

Why waste time writing a Mac virus when a windows virus will give you much more and easier targets?

Especially now, as there are fewer Mac OS X users than there were Mac 8 and 9 users, which had actual viruses affecting them. And I guess the same can be said about iOS and Android, as iOS has not even remotely as many users as Android, iOS will not be a target for malware writers unless iOS gets a significant market share. Gladly the OS and its mechanisms has nothing to do with it and only market share and popularity are signs of what to write viruses for. I mean, 60 million Mac OS X devices and 450 million iOS devices is nothing compared to the numbers of Windows and Android devices, thus there is no money to get from people buying Apple hardware, as they already have spent all their life savings for getting those.

Ah, I love those threads, writing ridiculous spinach with the cat.

 

[aristobrat]

Some odd 90% of windows "viruses" are done by user consent. They are tricked into giving the virus escalated privileges.

IMO, if they're tricked into giving code escalated privileges, unless that code then tries to replicate itself to other systems, it's a trojan horse, not a virus.

And having "escalated privileges" is only part of the battle when it comes to replicating. There need to be other computers that can be exploited. You can be a virus running with "escalated privileges" all day long, but you're not copying yourself automatically onto my Mac just because of that. You'd need to find some exploit on my Mac to let yourself in with. With fewer network-listening services turned on by default (compared to XP), OS X has less of a surface area for you to try and exploit, IMO.

Why waste time writing a Mac virus when a windows virus will give you much more and easier targets?

Street cred. You'd be infamous if you're the first one to write a Mac virus that actually gets out in the main stream. IMO, that'd be something you could very easily turn into money, be it getting snatched up as an employee by a security company, or going underground and selling your method.

 

[dejo]

Also, without user consent does not fall with the term "virus".

Source?

 

[stuffradio]

A dubious source then, eh?

I could never get my early 1997 iPhone to work either.

In most cases you were probably holding it wrong.

 

[cody92]

Source?

If I wrote a program to look like an adobe flash player update, sent you or linked to you the download to that update. You run it, it asks for your password to install the update as normal. Now it infects other apps. You were tricked into giving that program access. Do you consider that a virus? The one person talked about attacking open network ports. Isn't that a worm? Or am I mistaken? I don't care too much about defining terms so maybe a have a different or wrong idea of what it means to be a virus. Either way, malicious software in general is existent in Mac, so I'm not seeing what the point is of specifying a particular type of malicious software.

 

[0dev]

There were multiple Mac Defender variants that did indeed install themselves without user knowledge if the user had Java enabled in their browser. However, it didn't spread itself from that computer, it only spread through rouge ads. So a true virus? Not technically. But self-installing malware? Yep.

 

[OnceYouGoMac]

I had my first Mac virus a couple of weeks ago. It was on my Macbook Air and I was browsing the internet, as you do, and then all of a sudden I got a virus warning and I had to go and remove it using my AV. Dad was gloating as he thought the smuggery was knocked out of me

 

[aristobrat]

I don't care too much about defining terms so maybe a have a different or wrong idea of what it means to be a virus.

It's cool that you don't care about that, but if you go back to the original post in this thread (which lists known pieces of malicious software that affect Macs and then goes on to ask "Is this just more confusion between viruses and other forms of malware?"), one of the premises of this thread is specifically about defining terms.

Did you start this thread in the middle?

 

[simsaladimbamba]

If I wrote a program to look like an adobe flash player update, sent you or linked to you the download to that update. You run it, it asks for your password to install the update as normal. Now it infects other apps. You were tricked into giving that program access. Do you consider that a virus? The one person talked about attacking open network ports. Isn't that a worm? Or am I mistaken? I don't care too much about defining terms so maybe a have a different or wrong idea of what it means to be a virus. Either way, malicious software in general is existent in Mac, so I'm not seeing what the point is of specifying a particular type of malicious software.

Just because you do not care to know the specifics what malware actually is and what defines a trojan or a virus, does not mean, we have to ignore it.
Again, what you describe is a trojan (piggybacking on some other software), not a virus, since a virus would not need to piggyback in the first place.
But then again, you do not care about that or know that much about computers in the first place, as is evident by your other posts outside this thread.

I had my first Mac virus a couple of weeks ago. It was on my Macbook Air and I was browsing the internet, as you do, and then all of a sudden I got a virus warning and I had to go and remove it using my AV. Dad was gloating as he thought the smuggery was knocked out of me

No, you did not. What AV software were you using and what malware was shown to have been located on your Mac?
The probability is high, that it was Windows malware, which does not affect Mac OS X.
Maybe show your dad this:

Mac Virus/Malware Info by GGJstudios​