Method to detect Malware?

1620 Views 8 Replies Latest reply: May 3, 2012 3:53 AM by thomas_r.
BHawksSC10
May 2, 2012 8:35 PM

I inadvertently opened a .pdf doc attachment from an email, from an unknown sender.  I immediately knew this was not a genuine email or attachment, closed the document and deleted the email.  Is there any way to detect if I've now inherited malware or similar, worse?  I have not noticed any behavior changes on a 3 week old MacBook Pro.

MacBook Pro, Mac OS X (10.7.3)
  • c0r3yp
    May 2, 2012 8:38 PM (in response to BHawksSC10)

    Wow, you're fine. Macs rarely ever, rarely rarely ever ever ever get malware or viruses. Almost all my clients have Macs and they have never had a virus or malware. I have never even seen or heard of a Mac with malware for that matter. Macs are Macs. Don't worry, trust me. I've gone to the worst websites ever and downloaded the virus databases to prove this point to people and never had my Mac fail or any others. You're totally more than fine! Don't worry, you're overreacting completely.

  • John Galt Level 7 (33,010 points)
    May 2, 2012 8:47 PM (in response to BHawksSC10)

    There is no known way for email attachments of any kind - PDFs, pictures, videos, etc. - to affect OS X.

     

    Clicking on links sent in emails is another story. That is always a bad idea since emailed links can easily be made to look like legitimate websites that subsequently attempt to entice you to enter names, passwords, and other personal information.

     

    If you are running Lion (as you are) and you have applied all Apple's Software Updates then the only malware you might have is whatever you consciously installed yourself. Nothing can prevent you from installing junk on your Mac.

  • schang42s Level 1 (145 points)
    May 2, 2012 8:57 PM (in response to BHawksSC10)

    ...more recently there was a "Flashback" malware infection where 600k+ Macs were infected; Apple recently patched it with an update...

    I agree with John, there are no known threats associated with email attachments, etc...

    ...as of right now, the best thing to do is keep your system up to date...

    There are Mac programs that deal with viruses and spyware, but how efficient I don't know, because the number of threats are targeted on systems running Windows...

  • MadMacs0 Level 4 (3,315 points)
    May 2, 2012 11:39 PM (in response to BHawksSC10)

    BHawksSC10 wrote:

     

    I inadvertently opened a .pdf doc attachment from an email, from an unknown sender.  I immediately knew this was not a genuine email or attachment, closed the document and deleted the email.  Is there any way to detect if I've now inherited malware or similar, worse?

    Although I agree with what most of the other folks have told you, there is PDF malware out there, but none I'm aware of that can impact OS X. If you had passed this e-mail on to your Windows buddies, they might have had problems.

     

    Some e-mail clients store any opened attachments in a separate folder, so it's possible for it to still be on your hard drive, but not in any place where it could do harm to you or anybody else.

  • andeqoo Level 1 (5 points)
    May 3, 2012 1:55 AM (in response to BHawksSC10)

    "Nothing can prevent you from installing junk on your Mac."

    so true.

     

    "If you are running Lion (as you are) and you have applied all Apple's Software Updates then the only malware you might have is whatever you consciously installed yourself."

    so not true.

    Malware can be and commonly is embedded within other content- videos, pictures, pdfs, etc.

    How you open it, what you open it with and what permissions you've given to the user you're logged in as all play factors on whether or not they're able to install- and where they'd install to.

    Ex. User without admin privileges can't install a Launch Daemon without authentication.

     

    http://www.appleinsider.com/articles/11/09/23/researchers_discover_pdf_malware_that_targets_apples_mac_os_x/

     

     

    Honestly, dude, if you're really worried about it, back up your content and reinstall your OS. If you keep Time Machine backups, that makes it way easier.

    If you're the only user, if you don't have a password set for your login and/or if your normal account has admin privileges, you should really...change that.

     

    To check:

     

    System Preferences > Accounts > My Account

     

    If underneath 'My Account' it says 'Admin' and this (my/your) is the account you use on a daily basis to do things like...check your email, browse the internet, watch movies, etc...

    you don't need admin privileges to do those things...You need Admin privileges to do stuff like...installing things, changing major preferences, accessing other Users' Accounts.

     

    Obviously, you'll still need to do those 'administrative' things, but rather than having your default account be able to do them, you can make a separate account that's only used to do those things so that when YOU need to do one of those 'administrative' things, YOU'RE prompted for administrative credentials (a username and password box appears) before any of it happens.

     

    Essentially you'd have two accounts.

     

    The one you always use would be a standard account. You'd set it as a standard account by unchecking the box that says "Allow user to administer this computer"

    The admin account would have that^ box checked, and you'd set a username and password for it. You would probably never actually log into that account (unless you've got some serious admin...ing to do), you just will always be prompted before you install/trash/edit important stuff.

     

     

    TLDR: Malware exists for Mac, it's not a joke, don't ignore the problem- fight it before it gets worse, separate your standard and admin accounts

     

    PROTIP:

    DO NOT GO ONTO APPLE MESSAGE BOARDS WHEN YOU'RE TWEAKED OUT ON RED BULL.
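
The account check and the Launch Daemon point from the post above, as an added example that is not part of the thread: a read-only shell check of whether the current login is in the macOS `admin` group and which launchd property lists changed recently. The function names and the 7-day window are assumptions; a listed file is something to inspect, not proof of infection.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Read-only: it changes nothing on the system.

# Succeeds if the space-separated group list contains the "admin" group,
# i.e. the account has "Allow user to administer this computer" checked.
has_admin_group() {
    for g in $1; do
        if [ "$g" = "admin" ]; then return 0; fi
    done
    return 1
}

# Print launchd .plist files in the given directories that were
# modified within the last N days. Missing directories are skipped.
recent_launch_items() {
    days=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -name '*.plist' -mtime "-$days" 2>/dev/null
    done | sort
}

# Report the account type and recently changed launchd items.
# Default window of 7 days is an assumption; pass another number to change it.
audit() {
    window=${1:-7}
    if has_admin_group "$(id -Gn)"; then
        echo "account: admin (used for daily work; a standard account is safer)"
    else
        echo "account: standard"
    fi
    echo "launchd items modified in the last $window days:"
    # Per-user agents need no admin rights to install; the /Library
    # locations require authentication, as the post notes.
    recent_launch_items "$window" \
        "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
}

audit
```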


  • thomas_r. Level 7 (26,920 points)
    May 3, 2012 3:53 AM (in response to andeqoo)

    "Malware can be and commonly is embedded within other content- videos, pictures, pdfs, etc."

     

    No, that is not true at all.  Malware, even on Windows, cannot be embedded in videos or pictures.  A malware application could disguise itself as a video or a picture, but actually be something else.  Though if it tried that on a Mac, you would get a warning that you were trying to open an application downloaded from the internet, which should tip off people who read the information in the warning message that the file is not what it seems to be.  Malware can also come in the form of a "video plug-in" that needs to be installed to see some online video.  In both these cases, the malware cannot install itself, it relies on tricking the user.

     

    As for PDF files, Acrobat Reader has been known to have some security holes, though none have been exploited on the Mac.  Most likely, I would guess, because most Mac users don't use Acrobat Reader.  PDFs are supported directly by the system on the Mac, and are opened in Preview by default.  As Preview is not Acrobat Reader, it doesn't have the same vulnerabilities.

     

    Your point with regard to MS Office is a good one, though it only affects a very specific subset of users.  First, it only affects users of Office 2004 (which doesn't even run on Lion) and 2008.  Second, it only affects those users who have not installed any Office updates since June 9, 2009, when Microsoft patched the vulnerability that the malware is relying on.  Third, to date the only active exploits of this vulnerability on the Mac have been extremely targeted attacks against specific groups in Tibet.  That doesn't mean it has to stay that way, but at the same time, there's little point in launching a non-targeted attack that can only affect such a small group of users.

     

    There is absolutely no reason that the original poster should reinstall the system.

     

    I would advise reading my Mac Malware Guide, as well as coverage of these recent threats on my blog.

     

    (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)
