
virus JS.Obfus-48

Today Jan-8 ClamXav found a virus called JS.Obfus-48 after I downgraded my Firefox version from 9.01 to 8. The Virus was found in the Users/(mydirectory)/Library/Caches/Firefox/Profiles/gn7cw1kc.default/Cache/9/C0 /787ABd01.


I am wondering if anyone has had any experience with this virus?

MacBook Pro, Mac OS X (10.6.8)

Posted on Jan 8, 2012 3:20 PM

Question marked as Best reply

Posted on Jan 8, 2012 6:51 PM

macfrombrampton wrote:


Today Jan-8 ClamXav found a virus called JS.Obfus-48 after I downgraded my Firefox version from 9.01 to 8. The Virus was found in the Users/(mydirectory)/Library/Caches/Firefox/Profiles/gn7cw1kc.default/Cache/9/C0 /787ABd01.


I am wondering if anyone has had any experience with this virus?

No, but I'll tell you what I think I know about it.


First, it's not a Mac OS X specific infection or it would have "OSX" in its name. Nor is it a virus. It's a JavaScript which seems to have been designed to obfuscate a hyperlink. Since it's in your Firefox Cache it means you visited a web page using Firefox at the date and time this file was created and it contained a JavaScript which would have run if you clicked on it. Any harm it might have done is in the past and if it is a threat to your Mac it is harmless sitting in your cache. If I were guessing I would say that if you clicked on the link you would have ended up on a different web page than the one you thought you were going to. What was on that page is anybody's guess.


Since clamav does not provide descriptions of any of their infections and every AV software provider is free to name their malware whatever they want to, there is no way to know exactly what most malware does. The clamav database currently has 778 signatures that start with "JS" and 163 of those are "JS.Obfus." I have translated the signature but won't post it here as that would just result in all readers having it in their browser cache.
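The triage reasoning in the reply above (signature-name family plus where the file was found), as an added example that is not part of the original thread. It assumes clamscan's `<path>: <signature> FOUND` report lines; the sample report, its paths, the `OSX.Example-1` name and the labels returned by `triage` are constructed for illustration.

```python
import re

# Constructed clamscan-style report ("<path>: <signature> FOUND"). Paths are
# made up; the first two signature names are the ones quoted in this thread,
# and "OSX.Example-1" is a placeholder, not a real signature name.
SAMPLE_REPORT = """\
/Users/example/Library/Caches/Firefox/Profiles/abc.default/Cache/9/C0/0001: JS.Obfus-48 FOUND
/Users/example/Library/Mail/INBOX.mbox/12.emlx: Heuristic.Phishing.email.SpoofedDomain FOUND
/Users/example/Downloads/installer.pkg: OSX.Example-1 FOUND
/Users/example/Documents/notes.txt: OK
"""

FOUND_LINE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_report(text):
    """Return (path, signature) pairs for every FOUND line in a report."""
    hits = []
    for line in text.splitlines():
        match = FOUND_LINE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))
    return hits


def family(sig):
    """Drop the trailing variant number: 'JS.Obfus-48' -> 'JS.Obfus'."""
    return re.sub(r"-\d+$", "", sig)


def triage(path, sig):
    """Label a hit from its name and location, following the reply's logic."""
    if "OSX" in sig.upper().split("."):
        return "mac-specific"          # name carries the OSX marker
    if sig.startswith("Heuristic."):
        return "heuristic"             # content-based flag, e.g. phishing mail
    if sig.startswith("JS."):
        # Per the reply, a script left in a browser cache is stored page content.
        return "cached-web-script" if "/Library/Caches/" in path else "script-file"
    return "other"


if __name__ == "__main__":
    for path, sig in parse_report(SAMPLE_REPORT):
        print(f"{triage(path, sig):18} {family(sig):40} {path}")
```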

42 replies

Jan 23, 2012 10:34 AM in response to macfrombrampton

If you insist on running AV software on a Mac and you aren't careful what you download or what attachments you open, the AV software will occasionally find viruses on your machine. Any viruses that it finds are Windows-only viruses. They are completely harmless to your Mac unless you also run Windows on it. If you don't, there is no reason to concern yourself with them.


I have ClamXav installed on my Macbook Pro, and every few years I update and run it, just as a matter of curiosity. It has never found anything worrisome, because I am careful. Your brain is the best antivirus there is.

Jan 23, 2012 12:42 PM in response to macfrombrampton

Dude, enough of this. You've been told repeatedly what those are and that they are not Mac malware! Why do you continue to ignore these statements? Do you have some agenda here other than learning about malware?


If you wish to learn more about Mac malware, see my Mac Malware Guide. You will notice neither of those items is on my list... for a reason!


(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

Jan 23, 2012 10:02 PM in response to macfrombrampton

MacDefender and all its variants are Trojans, not viruses. If you don't know the difference, look it up. OS X itself now protects you against MacDefender and its variants, and your own intelligence, which I will assume despite the evidence to the contrary in this thread, is perfectly capable of protecting you against all other Trojans. There are no viruses that can propagate themselves on or do any harm whatsoever to a Mac running OS X.


Now I'm done wasting my time on this thread.

Jan 24, 2012 3:58 AM in response to macfrombrampton

or malware then maybe the virus I reported What about the malware called Mac defender?


As eww has said, that is not a virus. If you had read the malware guide I referred you to earlier, you'd know what the difference is, and in any case, presence of Mac malware is irrelevant to the point here.


If you don't consider it a virus then how do you explain JS.Obfus-48 and Heuristic.Phishing.email.SpoofedDomain being discovered by Clamxav?


Because ClamXav finds LOADS more than just Mac viruses. Most of what's in its database is Windows malware. You've already been told that those two items aren't even malware in the first place. The first is for obfuscating a link to trick you into downloading something else, but it itself is not malware. You got it in your browser cache after visiting a dodgy or hacked site. The latter is simply a phishing e-mail, nothing more.


Why is there several Virus software in the Mac app store?


Because there is malware for the Mac, which nobody here has denied. That's not the point. You're hung up on two specific items that are definitively NOT Mac malware!


Read the guide I referred you to earlier. You need education on this topic.

Jan 26, 2012 3:05 PM in response to thomas_r.

I don't know how you are coming to the conclusion that it is not malware without knowledge of what Clamxav (which can be downloaded through the app store) is identifying.


Clamxav identified JS.Obfus-48 and Heuristic.Phishing.email.SpoofedDomain.


When I go to the Clamxav site I cannot find what these 2 malware are intended to do, yet Clamxav identifies them on a search of my Macbook pro.

Jan 26, 2012 3:41 PM in response to macfrombrampton

MadMacs0 has a lot of involvement with ClamXav. He has told you this. He and I also have knowledge of malware naming strategies, and therefore what the names indicate. Finally, he and I and a small group of others are very involved in tracking and researching Mac malware. Between the two of us, we know a lot on this topic, and have given you a LOT of good information. If you choose not to believe it at this point, there's really nothing more anyone can do for you, so we may as well end this conversation either way.

Jan 26, 2012 4:31 PM in response to Allan Eckert

Allan Eckert wrote:


I am beginning to suspect we may have a troll here.

I've always been of the opinion that there are certain things against which even the gods contend in vain. But, I must say -- I've been watching with admiration and bemusement the efforts of MadMacs0, Thomas A Reed, and others. I'd say each deserves a medal -- for Patience above and beyond the call of duty.
