It's possible you have some sort of malware, but you would have had to install it and authenticate using your Admin password before that could happen. Unless you've done that, you don't have any malware on your system. It's just an ad.
Did you install any ad blocking software, such as Safari Adblock or even Safari Block? Have you changed your DNS addresses to use those from OpenDNS? If not, you should do that, since it will filter and block ads, and OpenDNS should be faster for you, too.
No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download from:
However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
You can read more about how, for example, the OSX/DNSChanger Trojan works here:
SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
(Note that a 30 day trial version of MacScan can be downloaded free of charge from:
and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
Also, beware of MacSweeper:
MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
On June 23, 2008 this news reached Mac users:
More information on Mac security can be found here:
The MacScan application can be downloaded from here:
You can download a 30 day trail copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
More on Trojans on the Mac here:
This was published on July 25, 2008:
Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
Net security groups say there is anecdotal evidence that small scale attacks are already happening.
Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites), as reported here on December 9, 2008:
You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:
Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
1. Avoid going to suspect and untrusted Web sites, especially *********** sites.
2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.
3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.
4. Use Mac OS X's built-in Firewalls and other security features.
5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications.
6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
As Klaus1 said, there are no viruses for Mac OS X, so antivirus software shouldn't be needed unless you send and receive MS Office files to Windoze users. I've never used antivirus software and I've never had any malware of any sort. It's more a matter of being smart about where you go and what you choose to download and install.
i dont use limewire or any peer to peer downoaders, nor do i download pirated software. i took your advice about trying out mac scan. when it scanned my mbp it found around 60 tracker cookies and not viruses or anything. i though that this has worked. then last week i installed the new snow leopard and i thought that surely this would put an end to my problem then yesterday it started again. i ran mac scan again and it found 8 tracking cookies but thats all. so my question is: do the tracking cookies mean anything? and also is it possible that the internet service would have something to do with it? i am in china and although i have worked as a support tech at an internet company and am weary of blaming the isp, im out of ideas.......
It's a Flash-based add on a web site. As long as you have Plugins enabled in Preferences > Advanced, those ads are able to appear. It's not a virus because there are no viruses for Mac OS X, and if you haven't installed anything that you didn't expressly download and provide your password for, it's not spyware, either.
All computers that access the web have cookies on them; otherwise the site would not know you had visited them before or what page you went to or how long you spent at the site. None of those cookies are harmful; you can get rid of them when you quit Safari, or at some other pre-determined interval that you choose in Preferences. It's nothing to worry about.
You could use something like Click to Flash, to block all Flash items until you click on them, as well as something like SafariBlock to block other types of ads.
Daniel, you are not the only one. I live in shanghai and I am experiencing the same problem. The ads appear outside of the page I'm visiting, usually above it. Most of them are for IPTV from China Telecom. They also disable the webpage I'm visiting. Hitting reload gets rid of them for a while. They usually only appear when I first open Safari. Unfortunately none of the suggestions above are the source of the problem. I don't have any illegal software on my computer, I have not downloaded any illegal files or installed anything from suspect websites. Nor has anyone else had any access to my computer. I also upgraded to Snow Leopard recently and that has not fixed the problem. I wonder if the problem is with the ISP allowing spammers to hijack my browser. China MObile allows spam text messages all the time. It's very annoying.
People seem very adamant that viruses don't exist on the Mac but malware obviously does. I'm not sure how they interfere with Safari but I haven't manages to get rid of it yet. I did find tracking cookies on my Mac and deleted them (even though I'm not sure what they are) but the problem reoccurred.
There are no viruses for Mac OS X. There is some malware, but at the moment it consists of things to redirect your browser to sites you didn't specify. Deleting cookies from Safari isn't going to solve anything, because they aren't the problem.
< Edited by Host >
I said exactly what you said – that it is malware and not a virus.
It clearly does not do what you say and 'redirect' to another page. I described these interfering ads in my first response. These are not banner ads. This is content pushing the real pages down to the bottom of the screen and disabling all their links. I doubt www.apple.com has started allowing ads for cheap mobile phones in Chinese to nearly blot out their home page. This is clearly a way someone has discovered to interfere with Safari (it could be other browsers too but I only use Safari as it syncs with my iPod). I have many screen captures of it on different webpages.
As you point out disabling java and plug ins would render the browser partly useless which wouldn't help much and may not stop the ads at all. I have followed other helpful suggestions such as running Main Menu and Little Snitch. I also ran MacScan which suggested I delete 4 tracker cookies. I haven't seen the ads since – but I'm not holding my breath.
< Edited by Host >
As I said, the only malware at this point redirects your browser to sites you didn't ask for. But it requires that you make the mistake of downloading and installing it first. That can't happen by itself.
< Edited by Host >
If you are running Snow Leopard 10.6.x you don't need to worry about malware or viruses.
Mac OS X Has You Covered
Please click My Settings on the right side of this page and tell which Mac OS X you are running on your Mac. Thanks!
Thanks Carolyn. Unfortunately it doesn't... or didn't. It was also happening after my upgrade to 10.6.1. However after following various pieces of advice above it hasn't happened for a while so (fingers crossed) I hope I have gotten rid of that problem. I'll post in a few days if it has stopped but not sure which one of the remedies to recommend.
One thing I can't believe I hadn't done was to turn my firewall on. I had it on before but must have turned it off for some reason and forgotten about it. Very silly.
A pop up isn't necessarily a virus or spyware. It could have been just an advertisement. Go to Safari / Block Pop Up Windows. More likely then not, it was an ad advising you to purchase anti virus software with a link. Just close the window.
Anti virus software nor malware protection can prevent a pop up ad. They are innocuous unless you click any links in the window.
Since you are in China... you might want to contact your ISP and report the problem.