
Malware removal for Macs

I am trying to find a reliable free malware removal tool, or at least one to check for or prevent malware. There are hundreds listed, but I don't trust any.

thanks

iMac 24", Mac OS X (10.5.5)

Posted on Jan 26, 2009 10:52 PM


Jan 26, 2009 11:24 PM in response to crossover

If you actually did follow even the first of the links available on the page you posted, you'd see 1 Mac trojan entry on the whole list. This is a dodgy programme you can only download from pirate software sites.

This trojan is dropped as part of an illegitimate iWork application installation that has been observed to be available on some file sharing sites.


So the moral here is if you download dodgy software, you're on your own 🙂

Jan 27, 2009 12:54 AM in response to crossover

crossover,

If they didn't download a pirated copy of the new iLife suite or CS4, they didn't get "attacked." Period. This (the trojan that is being distributed within the pirated copy of iLife and the "cracked" copy of CS4) is the very first example of an OS X trojan "in the wild." And, the only way to get it is to download and install the pirated software.

Again, they simply could not have been "attacked" by any means, unless they downloaded this software. End of story.

There really aren't any reputable "malware removal" tools for OS X, because there have not been any threats. One could say that now, when there is a real threat, such software might become legitimate. I, however, tend to think that Apple will be quick to plug this hole by one means or another, thereby once again negating the need for special software.

Scott

Jan 27, 2009 1:43 AM in response to Scott Radloff

Rixstep, who have been as cross with downloaders as you, Scott (and rightly so in my opinion), have come up with a tool that may help those who have installed this Trojan. Other Trojans may exist that this does not fix, of course, for example the one that came with the illegal download of MS Office a while back, or those that are installed when users are asked to install a video codec at some less-than-aesthetic website.

The link to the Rixstep page is here.

Jan 27, 2009 7:28 PM in response to crossover

Not exactly, and such downloads are not the only way to breach the gates: some image files may contain malware, as may some video codecs downloaded from suspect sources. I do not have malware protection; others do. Many users rely on strong passwords and only downloading from trusted sources, as well as the firewall, and not opening files automatically (Safari preferences, General panel, "Open safe Files after Downloading" should be UNchecked).

There is also some behaviour on OS X, when the system is not properly maintained, that may lead to the conclusion that there is malware installed. A proper maintenance schedule may help here.

Lots of information online about this, but a look at Doctor Smoke's pages and FAQs may give some guidance. OS X is not Windows, but it is not totally faultless and requires attention from time to time.

Jan 27, 2009 7:31 PM in response to crossover

Hello,

Try MacScan, download available from the Apple web site here:
http://www.apple.com/downloads/macosx/networking_security/macscan.html

About MacScan
Will find, isolate, and remove spyware, keystroke loggers, and trojan horses as well as detect whether remote administration applications have been installed on a computer. By scanning files received as email attachments or downloaded from the web, MacScan can proactively protect computers from inadvertently accepting new spyware. MacScan’s spyware definitions are constantly being updated, letting users keep pace with the hackers.




Carolyn 🙂

Jan 27, 2009 7:42 PM in response to crossover

crossover,

crossover wrote:
So what you guys are saying is to do nothing as long as no torrents are downloaded....


Correct. For now.

I have no idea what one or two other posters are talking about regarding MS Office and/or video. I do know that some "proof of concept" malware has been created in the last few years, here and there, but these were created and kept in laboratory environments. They were never used or released "in the wild," and never actually threatened Mac users, but were merely created to show that it was possible. Typically, the very first entity to be made aware of these potential threats has been Apple, and Apple (again, typically) is rather quick to take direct preemptive action against them.

This is the very first case of something that has been released into the wild, and it is the first that has been malicious. We have no way of knowing or even predicting what might happen in the future. I will state with confidence that this current situation is not something that deserves concern by those that are not attempting to steal software, but that could change in the future.

So, there's no action that we need to take now, or consider taking, but it would be prudent to stay informed and alert. Doing so is the best protection, at present.

I think it rather ironic that the first time something malicious appears for OS X, it requires that the user first take malicious action, even if that action is only tacitly malicious (the unmistakable theft of software).

Scott

Jan 27, 2009 8:02 PM in response to Scott Radloff

Scott, I guess that refers to my comments about video codecs and Office. For the latter, I would refer you to the MacOSXHints item on Office and for the video codec problem there are several sources according to a Google search, but SecureMac will do.

The connection with both of these and the recent BitTorrent problem is downloading from untrusted sources.

Jan 27, 2009 8:33 PM in response to Scott Radloff

The ARDAgent/osascript exploit masquerading as some poker game was born on a forum, not some laboratory, and it was out there.

DNSChanger has been a persistent problem for the past year or so.

Even "Opener" made it into the wild - quite a few people showed up here exhibiting symptoms that ultimately turned out to be Opener.

And going way back, the rm -rf ~ shell script disguised as a fake MS Word app did bite a few people foolish enough to download it.

All would have required some level of user interaction so it isn't like the sky is falling, but in no way are the most recent iWork and Photoshop trojans the first to be released in the wild.

Jan 27, 2009 9:13 PM in response to biovizier

"All would have required some level of user interaction so it isn't like the sky is falling, but in no way are the most recent iWork and Photoshop trojans the first to be released in the wild."

True, but those come from some pretty shady places. Most Mac users have enough common sense to stay clear of those dark alleys, because they know the only thing they are going to find is trouble.
