Warning: My Mac Was Attacked!

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#1
First of all a note to the Moderators.
I know this is not the section to post Mac related threads. I am posting here so this does not get buried down in the iMac section. I wanted as many forum readers to see this as possible. Many readers never even scroll down to the iMac section. Please forgive me but I feel this is a very important read.


I was lying in bed last night reading. My iMac which sits on the desk in my bedroom was in sleep mode. I noticed the screen come back on all of a sudden (basically waking the iMac). I thought wow that is odd. I then thought the mouse has not moved so I better check this out. What I found when I reached the Mac surprised as well as angered me. My Mac was under attack.

I noticed a pop up coming out of the "Menu Extras" portion of the Menu Bar (the Mac equivalent of the system tray on Windows). I immediately realized what was taking place. My Mac had a virus. The pop up I spoke of said I was signed on to AOL IM in two different places click here (a hyperlink) to rectify this problem. The virus even had the AOL trademark little yellow man. I knew this was an intrusion attempt for three reasons.

1). The pop up told me I was signed on to AOL IM in two places with my .Mac email address. This could not be possible that I was signed in to AOL with a .Mac email address. The virus looked for any email address on my Mac and attached it to the bogus pop up to make it look more realistic.

2). The pop up/virus was loaded to the Menu Extras portion of the Menu Bar (the Mac Equivalent of Windows System Tray). I have help so many Windows users clean their computer with a similar virus that appeared via their System Tray.

3). Last be certainly not least. I don't even have an AOL IM account.

Ok it's 11:45pm here is this virus sitting on my Mac. What do I do? I also had the Mozilla FireFox browser open at this point (most likely the entry point for the virus). I'm thinking I'm using FireFox Browser on a Mac how can this virus crap be happening? I knew NOT to click on the hyper link included in the rogue pop up. I decided to close the pop up window by clicking the red X. I then decided I had to contain or delete this virus before it began to spread. It's 11:45pm though no electronics stores are open to buy Mac Antivirus Software. I also was not going to buy online and expose my credit card.

I decided to use all of our friend Google. I found a wonderful free Antivirus program called iAntivirus . I also downloaded MacScan which offered a free thirty day trial use (which served it's purposed). I first started with MacScan and ran a full system scan. MacScan found several tracking cookies and two spyware threats which it deleted all of. I then ran a full system scan with iAntivirus (which took about an hour and 20mins). iAntivirus found nothing as MacScan had already handled the task of removal. I just wanted to make sure by running two programs.

I have never used any Antivirus on any of my Mac's. I was not stupid enough to feel that I could 100% not get a virus on a Mac. I knew there was a possibility of a virus. I always though the odds of getting a virus on Mac were slim. Well I am a believer now. I will from this day forward always install antivirus software on my Mac's.

I hope this is a wake up call for all forum members and visitors. The more mainstream Apple/Mac becomes the more Hackers turn their attention to Mac. Don't leave your Mac vulnerable to attack believeing it won't happen to you. Protect your Mac with Antivirus software. The days of I can't get a virus. I have a Mac are over...Mark

Here is proof for all you naysayers that believe Mac's are not vulnerable to spyware. You have been warned what you do with the information is up to you. I'm going to protect my Mac from Attack.
 
Last edited by a moderator:

efuseakay

Contributor
Silver
Nov 11, 2008
864
99
28
#2
Try another scan with ClamX and see what you come up with.

Weary of a demo of a paid anti virus app for OS X. Of course they want you to think you have a virus so you buy their program.

What were the names of the 32 viruses/spyware btw?
 

jarofclay73

Zealot
Gold
Jun 23, 2008
2,387
15
38
Honolulu, Hawaii
#3
Yup. You said it. As the Mac becomes more mainstream, viruses will pop up to attack them for no other reason than for some hacker's sick sense of enjoyment.

We ALL need virus protection.
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#4
Try another scan with ClamX and see what you come up with.

Weary of a demo of a paid anti virus app for OS X. Of course they want you to think you have a virus so you buy their program.

What were the names of the 32 viruses/spyware btw?
One name I saw was cassell media the same spyware/virus affecting Windows users. I trust the scan I posted because the proof of the spyware/virus was sitting right there on my screen it is now gone. Mark
 

dwp1975

Member
Bronze
Jul 4, 2007
561
2
18
43
Rockville, MD
#5
I am looking to buy either a macbook or a new iMac, does it not come with a anti-virus trial atleast pre-installed?
 

acosmichippo

Genius
Platinum
Sep 10, 2007
15,384
1,089
113
DC
#6
We do have an OSX software thread, btw.

anyway, i'd rather just reformat my disk if i get infected than have to install security software... it's often more trouble than it's worth. Just my opinion, though.
 

patrickj

Genius
Gold
Sep 2, 2007
6,221
445
83
Austin, Tx
ipadinsight.com
#7
Mark - sorry you had so much hassle. I've run an AV product on my MacBook since Week 1 of owning it, for similar reasons as you've expressed above - as in, Macs have never been as impregnable as some assume, and will become less and less so as their market share increases. And browsers (FF, Safari, whichever) are always going to have vulnerabilities exploited.

One thing I do find comforting though - if my understanding is correct, *all* applications run with only user-level rights under OS X (as opposed to admin / root level access under many versions of Windows) so the amount of damage that can be done is far less ...
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#9
We do have an OSX software thread, btw.
Didn't I write a disclaimer at the start of my post explaining why I posted in this thread? I sometimes think you must be bored. You just have to say something in every thread even though nothing is gained from it..Mark

I also don't see Moderator under your name. So please take it down a thousand..Mark
 

patrickj

Genius
Gold
Sep 2, 2007
6,221
445
83
Austin, Tx
ipadinsight.com
#10
... than have to install security software... it's often more trouble than it's worth. Just my opinion, though.
That's for sure. I've spent many a quality hour struggling with the registry hooks and tentacles of Norton's 'Suite' (sour) packages that have buggered up user machines.

I have found Avast to be very unintrusive on my Mac - although that may mean it is doing bugger-all :)
 

dwp1975

Member
Bronze
Jul 4, 2007
561
2
18
43
Rockville, MD
#11
That's for sure. I've spent many a quality hour struggling with the registry hooks and tentacles of Norton's 'Suite' (sour) packages that have buggered up user machines.

I have found Avast to be very unintrusive on my Mac - although that may mean it is doing bugger-all :)
I run Avast on my laptops too :)
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#12
Mark - sorry you had so much hassle. I've run an AV product on my MacBook since Week 1 of owning it, for similar reasons as you've expressed above - as in, Macs have never been as impregnable as some assume, and will become less and less so as their market share increases. And browsers (FF, Safari, whichever) are always going to have vulnerabilities exploited.

One thing I do find comforting though - if my understanding is correct, *all* applications run with only user-level rights under OS X (as opposed to admin / root level access under many versions of Windows) so the amount of damage that can be done is far less ...
You are correct about the root access Patrick. The other problem people running Windows had is they clicked on the hyperlink in the message. I wanted everyone to understand this part especially. The message that pops up be it on Mac or Windows looks totally legit. Exactly why I posted in this thread instead of the Mac OSX thread. I think far more people read here than the Mac OSX section and I just wanted to alert everyone...Mark
 

acosmichippo

Genius
Platinum
Sep 10, 2007
15,384
1,089
113
DC
#13
If i were to use antivirus, it would be avast. picks up most adware/spyware as well.
 

Lincoln

New Member
Gold
Aug 11, 2007
6,100
4
0
#15
What's interesting is that you post this the day after Macs reach a 10% market share and PC's dip below 70%.

I don't use antivirus software than scans my computer daily. I am not that worried about getting anything and probably won't be for a long time. However, I do use ClamXav - a nice, free and light-weight scanner for OS X - to scan my hard drive about once a month. In this case, what you found was spyware, not a virus. There are plenty of example of spyware, trojans, and such for OS X - but no viruses, yet. Nonetheless, it is a good idea to use some sort of scanner every now and then. Just don't use junk like Norton AntiVirus.
 

acosmichippo

Genius
Platinum
Sep 10, 2007
15,384
1,089
113
DC
#16
Didn't I write a disclaimer at the start of my post explaining why I posted in this thread? I sometimes think you must be bored. You just have to say something in every thread even though nothing is gained from it..Mark

I also don't see Moderator under your name. So please take it down a thousand..Mark
dude, relax. yes, i read your disclaimer, but you only mentioned the iMac forum. "By the way" is not translated to "go post it in in another forum or else". If you didn't notice, i did have another comment that does relate directly to your comment, so, respectfully, piss off.
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#18
dude, relax. yes, i read your disclaimer, but you only mentioned the iMac forum. "By the way" is not translated to "go post it in in another forum or else". If you didn't notice, i did have another comment that does relate directly to your comment, so, respectfully, piss off.
OMG please don't make this another back and forth "wall Charger" thread. I am just alerting people to an important issue. I do not want to argue with you. I would rather discuss the issue at hand. If I misunderstood you I apologize. Mark
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#19
What's interesting is that you post this the day after Macs reach a 10% market share and PC's dip below 70%.

I don't use antivirus software than scans my computer daily. I am not that worried about getting anything and probably won't be for a long time. However, I do use ClamXav - a nice, free and light-weight scanner for OS X - to scan my hard drive about once a month. In this case, what you found was spyware, not a virus. There are plenty of example of spyware, trojans, and such for OS X - but no viruses, yet. Nonetheless, it is a good idea to use some sort of scanner every now and then. Just don't use junk like Norton AntiVirus.
Lincoln,
I really think you need to now consider more than just a scan. I don't know what would have happened had I of clicked the hyperlink. I do know it wreaked havoc on Windows machines. I think people that have nothing better to do except write malicious code to screw up everyone's computer should be shot. Mark
 

Swagger

New Member
Gold
Jul 9, 2007
2,076
1
0
Fort Lauderdale, Florida
web.me.com
#20
Is that another cost cutting accessory removal by Apple, or did they figure most people don't need virus protection? J/K, I am in a silly mood today....lol.
I don't ever remember it being included in Mac software. It would have been an admission of vulnerability. Mark