History of Mac malware: 1982 - 2011

Filed Under: Apple, Featured, Malware

In late 2010, I wrote a short history of Apple Mac malware. Since then there have been some significant developments, so here's a revised and updated version.

Before we begin, it's worth recognising that malware on the Mac is a subject which raises strong emotions. There are some who believe that the problem is overhyped (or even non-existent!) and others who believe that the malware problem on Macs is underestimated by the Apple-loving community.

Hopefully this short history will go some way to present the facts, and encourage sensible debate.

From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.

Mac malware timeline


1982


The first virus to affect Apple computers wasn't written for the Macintosh (that iconic computer wasn't set to appear until 1984) but is of historic interest none the less.

Apple IIIn 1982, 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers.

On every 50th boot the Elk Cloner virus would display a short poem:

Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

What may surprise some Apple fans is that the Elk Cloner boot sector virus predates IBM PC viruses by some years.

Rich Skrenta, by the way, went on to found the web companies Topix and Blekko. Clearly his early entanglement with malware-writing didn't make him a completely bad apple.


1987


Macintosh SE/30The nVIR virus began to infect Apple Macintosh computers, spreading mainly by floppy disk.

It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. In response, the first anti-virus products for Mac - some free, some commercial - began to emerge.


1988


It appears that the first HyperCard virus was written in 1988. Running on early versions of Apple's Mac OS, one HyperCard virus displayed a message about Michael Dukakis's US presidential bid before self-destructing:

"Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14 year old, and am completely harmless. Dukakis for preseident in '88. Peace on earth and have a nice day"


1990


The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.

1991
HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991.

On German language versions of the operating system it would play German folk tunes and display messages such as "Hey, what are you doing?" and "Don't panic".


1995


Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs running Microsoft Word.

Concept was not written with malicious intent (aside from spreading, it just displayed a message box containing the number "1") but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac.

Word macro viruses turned the world of Mac *and* Windows malware on its head overnight.

Macros in the Concept virusMacro viruses were written in the easy-to-understand macro language that Microsoft included in its Office programs making it child's play to create new variants.

Furthermore, most people at the time considered documents to be non-dangerous, and were happy to receive them without thinking of the possible security implications. Just opening a Word .DOC file could infect your computer, because the macro virus's code was embedded within.

You could measure how good your anti-virus software was by how quickly and seriously it responded to the macro virus threat.


1996


Laroux, the first Excel macro virus, was released and hit owners of Windows computers.

Mac users escaped unaffected at first - at least until the release of Excel 98 for Mac meant they could also become victims.


1998


Hong KongIt was in Hong Kong, in 1998, when the next significant Mac malware outbreak was first spotted. A worm - dubbed AutoStart 9805 - spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+

David Harley of Macvirus tells me that he remembers watching with interest as reports of Autostart spread from Asia to the rest of the world.

In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

Big changes to the Mac malware scene were just around the corner, however, with the release of Mac OS X - a whole new version of the operating system which would mean that much of the old malware would no longer be capable of running.

In the future, Mac-specific malware would have to be written with a new OS in mind..


2004


Anglepoise iMacThe Renepo script worm (also known as "Opener") attempted to disable Mac OS X security including the Mac OS X firewall.

In addition, the Renepo worm would download and install hacker tools for password-sniffing and cracking, make key system directories world-writeable, and create an admin-level user for hackers to later abuse.

The shell script used by the Renepo worm contains a number of comments from its authors, including:

In 2004, hackers also wrote a proof-of-concept program called Amphimix which demonstrated how executable code could be disguised as an MP3 music file on an Apple Mac.

Amphimix

Amphimix was not likely to be encountered by Mac users, and appeared to have been written as a proof-of-concept highlighting a vulnerability in Apple's software.


2006


Leap-A, the first ever virus for Mac OS X was discovered.

Leap virus

OSX/Leap-A was programmed to use the iChat instant messaging system to spread itself to other users. As such, it was comparable to an email or instant messaging worm on the Windows platform.

Therefore, it was correct to call OSX/Leap-A a virus or a worm. It was not correct to call OSX/Leap-A a Trojan horse. Not that that stopped many in the Mac community claiming it wasn't a real virus.

The Inqtana worm and proof-of-concept virus soon followed in the footsteps of the Leap virus.

A buggy proof-of-concept virus called Macarena appeared, written in Xcode. Every infected file contained the phrases

"MachoMan - roy g biv"

and

"26/10/06"


2007


BadBunnySophos discovered an OpenOffice multi-platform macro worm capable of running on Windows, Linux and Mac computers.

The BadBunny worm dropped Ruby script viruses on Mac OS X systems, and displayed an indecent JPEG image of a man wearing a rabbit costume.

The first financial malware for Mac was discovered. The gang behind the attacks developed both Windows and Mac versions of their OSX/RSPlug-A Trojan horse.

Mac users can infect themselves by downloading and running a fake codec

The Trojan posed as a codec to help users view pornographic videos, but in fact changes DNS server entries to direct surfers unwittingly to other websites.


2008


Cybercriminals targeted Mac and PC users in equal measure, by planting poisoned adverts on TV-related websites. If accessed via an Apple Mac, surfers would be attacked by a piece of Macintosh scareware called MacSweeper.

MacSweeper

Close relatives of MacSweeper followed shortly afterwards, including Imunizator - another example of scareware for the Apple Mac, which claimed to find privacy issues on the user's precious computer.

Imunizator

In June, the OSX/Hovdy-A Trojan horse was discovered that could steal passwords from Mac OS X users, open the firewall to give access to hackers, and disable security settings.

Troj/RKOSX-A was discovered - a Mac OS X tool to assist hackers create backdoor Trojans, which can give them access and control over your Apple Mac computer.

Apple Mac and Leopard CD ROMIn November, Sophos warned of the Jahlav Trojan. Similar to other malware campaigns, cybercriminals created a bogus webpage claiming to contain a video.

Visiting the site produces a message saying that you don't have the correct codec installed to watch the video - whereupon the site offers you an EXE if you run Windows, and a DMG (Disk Image) file if you are using an Apple Mac.

Controversially, Apple issued a support advisory urging customers to run anti-virus software - but after media interest, rapidly deleted the page from their website.


2009


iWork 09In January 2009, hackers began to distribute the OSX/iWorkS-A Trojan horse via BitTorrent inside pirated versions of Apple's iWork '09 software suite.

In the same month, a new variant of the Trojan was distributed in a pirated version of Adobe Photoshop CS4.

In March, Sophos reported on how hackers were planting versions of the RSPlug Trojan horse on websites, posing as an HDTV program called MacCinema.

In June, SophosLabs discovered a new version of the Tored email worm for Mac OS X, and hackers planted a version of the Jahlav Mac Trojan horse on a website posing as a portal for hardcore porn videos.

Shortly afterwards, the Twitter account of celebrity blogger Guy Kawasaki had a malicious link posted onto it, claiming to point to a sex video of Gossip Girl actress Leighton Meester. In reality, however, the link lead unsuspecting users to malware which could infect Mac users.

Meanwhile, Apple finally began to introduce some rudimentary anti-malware protection into Mac OS X.

Although it wasn't really equivalent to a true anti-virus product (it only protected against a handful of Mac malware, doesn't defend you if you try to copy an infected file from a USB stick for instance, and doesn't offer clean-up facilities), it was still encouraging to see some attempt to offer more protection for Mac users.


2010


The OSX/Pinhead Trojan (also known as HellRTS) emerged.

The backdoor Trojan horse can allow hackers to gain remote control over your treasured iMac or MacBook.

Once again, the malware was distributed disguised as a legitimate application - in this case, iPhoto, the photo application which ships on modern Macs.

More recently, the Boonana cross-platform worm appeared, using a Java applet to target not just Windows computers for infection, but Mac OS X and Linux too.

Boonana

Sophos detects various components of the attack as Troj/Boonana-A, Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos's web protection blocks access to the malicious webpages.

A piece of Mac spyware called as Spynion (also known as OpinionSpy or PremierOpinion) came to light, attached to screensavers and other add-ons for users' Macs.

Spynion would take advantage of users not properly reading End User License Agreements (EULAs), allowing it to spy on browsing habits and search behaviour.

Spynion

Free anti-virus for Macs
In late 2010, Sophos issued a free anti-virus for Mac home users. We have been protecting business customers who have Macs for years, and now there was an opportunity for home Mac users to protect themselves against the threat too, at no charge.

Early reports indicated that there are plenty of Mac users with malware on their computers - some of it Windows malware, some Mac OS X, and some cross-platform.

There's no doubt that the Windows malware problem is much larger than the Mac threat - but that doesn't mean that the danger of malware infection on Mac OS X is non-existent.

The events of 2011 would make it clearer to Mac users than ever before that the malware threat was real..


2011

BlackHole RATThe BlackHole RAT, a Trojan allowing hackers to gain remote access to your Mac, emerged.

Uncompromising text contained inside its code made it clear what the author's intentions were:

"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected!

"I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

"So, Im a very new Virus, under Development, so there will be much more functions when im finished."

But there were other attacks for Mac users to worry about.

In 2011, a massive search engine poisoning campaign was undertaken by cybercriminals with the intention of infecting Mac users. Apple Mac users were considered a soft target by malicious hackers because of the low adoption rate of anti-virus software.

The initial attacks took the name of a legitimate Mac security program, MacDefender, and - as users searched the web for images - popped up bogus alerts claiming to have found malware on their computers.

The fake anti-virus attack was very similar to ones we had seen many times before for Windows, but this time targeting Mac users instead.

MacDefender scareware setup

MacDefender scareware

Within days, the attacks began to adopt new disguises such as "Mac Security".

In all of the attacks, the intention was to scare users into believing that their Mac computer had a security problem and fool them into purchasing a solution. In other words, to give your credit card details to the very people who had compromised your computer in the first place!

The scammers had no qualms about poisoning popular search terms such as "Mother's Day" in their attempt to fool Mac users.

In some cases, once in place, the malware would deliberately pop up inappropriate websites - in an attempt to convince you that you needed to buy a clean-up solution.

Saucy URLs

Saucy website

Mac users had not seen a malware attack impacting them on anything like this scale since the 1990s, and many struggled to protect their computers.

Apple itself seemed also to have been caught napping, and technology writer Ed Bott discovered that calls to the AppleCare support line were "4-5 times higher than normal", with the overwhelming majority of calls coming from customers who have been hit by a fake anti-virus attack.

With the problem flooding Apple's online support forums also, perhaps the most surprising news was that Apple's support reps were ordered not to help users remove the malware.

Leaked Apple memo

Those spreading Mac malware quickly realised that they were not limited to simply poisoning Google's search results. They also undertook to spread Mac malware via popular social networks, such as Facebook.

When serious allegations of a sex attack were laid against the IMF's Dominique Strauss-Kahn, hackers took advantage spreading malicious scareware links across Facebook which could infect both Windows and Mac users.

Facebook malicious link

Scareware attacks continued to cause problems for Mac owners throughout the summer of 2011 with many users coming to realise that perhaps an anti-virus program might be wise after all.

Separately, more malicious attacks occurred targeting Mac users.

For instance, the OSX/Revir-B Trojan appeared to disguise itself as a PDF file about a controversy between Japan and China about the contested sovereignty of some islands

And the Flashback Trojan horse disguised itself as an update for Adobe Flash.

Sophos intercepts Flashback Trojan

Once in place, the Flashback Trojan horse (called OSX/FlshPlyr-A by Sophos products) could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.

It's perhaps no surprise, with a backdrop of increased malware activity for Mac OS X, that a poll conducted by Sophos revealed that 89% of people would tell their Mac-using friends to install anti-virus software.

Poll results

DownloadFree Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition

Hat tip: Thanks to David Harley of Mac Virus for his input to this article, in particular with regard to the section about HyperCard viruses.

, , , ,

You might like

58 Responses to History of Mac malware: 1982 - 2011

  1. DJV · 1093 days ago

    For a start, there are very few out there, so you can fit it all into 1-page, try doing that for Windoze systems... Also Mac users would really need to do something really stupid to get infected by a virus...

    • Actually the most successful recent Mac malware has used precisely the same social engineering trick as works on Windows users.

      Fake anti-virus / scareware messages.

    • annoyed · 1093 days ago

      does it really matter what OS you are on? when you make comments like what you just posted, it makes you sound like an elitist, with your nose raised high in the air acting like you are better than everyone.

      whether on a PC or a Mac, imo you have to do something really stupid to get a virus to begin with, so no one is perfect and we all make mistakes.

    • T.Anne · 1093 days ago

      Just because there are not as many for MACs than there are for Windows doesn't mean MACs don't have any issues. That's the whole point. They are vulnerable too.

      If I have a small cut vs a large cut doesn't change the fact that I have a cut. The way I react to it may be different, but in either case I have to try to sanitize it and prevent infection.

      As for MAC users having to be stupid to get infected - that's not true, all they have to be is human. That's what social engineering is all about.

      Besides that, not all MAC users are techies. I have owned both Windows computers and MACs - quite frankly, I don't think I got any smarter when I was using the MAC vs the Windows PC.

      • Nigel · 1093 days ago

        For the record, "MAC" is an abbreviation for "Media Access Control", as in "MAC address". The Apple Macintosh is typically abbreviated as "Mac".

        • T.Anne · 1090 days ago

          fair enough :) though I suppose that does support my point that not all Mac users are techies.

          I'm hoping most readers can look past my choice of capitalization and still understand the point I was trying to make.

      • Jeremy Visser · 1093 days ago

        It's capitalised 'Mac', not 'MAC'. Not that you'll change your ways after reading this, but I thought I'd try.

  2. Sam Kinison · 1093 days ago

    Ahhh yes... this all reminds me of the early day when I would walk into a Kinko's and load the Sam Kinison scream init (making it invisible in the process) and casually walk away...

  3. KLD · 1093 days ago

    To be fair, most people will never run into malware, AV or not. In my 10 years on Windows, I have had an AV, and only had one or two of all those thousands of malwares infect my computer. Note that those one or two aside,, I have encountered malware only oPnce more: during the Google search poisoning that started Mac Malware. That's the first time in four years, even with my recently more risky browsing habits.

    Now, if you take that statistic to the small number of Mac malwares out there, it's very unlikely you will ever run into, much less install any malware.

    Of course, as no AV is foolproof and malware is sneaky, you may never actually know whether you have malware or not. People without AV's who say they have no malware may have malware and not know it! So the best answer, then, is to at least equip yourself with a free AV. It's like wearing a jacket to the movie theatre in case you get cold.

    I'm considering buying myself a shiny new MacBook Pro next summer, and I say, I'll probably be downloading Sophos for Mac :)

  4. HR, Sweden · 1093 days ago

    How can I be sure that downloading this "free AntiVirus for Mac" doesn't put some malware on my computer...?

    • Well, that would be commercial suicide on our part wouldn't it? :)

      You can check out the many reviews the product has received if that puts your mind at rest.

      • Aroy · 1093 days ago

        Is there any effect of the system slowing down post-install? Thnx

    • Dave · 1093 days ago

      Good point...... I have a mac running sophos antivirus havnt noticed any slow down, it hasnt alerted me to anything, But I am more comfortable that its there doing its thing. Just make sure you download from the sophos site.

  5. kazongo bongo · 1093 days ago

    yup....think I'll stick to using a PC...at least I know what to expect!

    • Darren · 1071 days ago

      Thats a paradox if I ever saw one. Great article btw.

    • Mike · 1028 days ago

      Thats good, we need more people to stick with a PC, less chance of our Mac's getting a cold !! Great article.

  6. christophe · 1093 days ago

    Mac "malware / virus" free ??? :-)

  7. Paul R · 1093 days ago

    What is "written in Xcode" supposed to mean (in relation to Macarena)? Xcode is just an IDE and it supports developing programs in numerous languages, most commonly Objective C. Saying that something was "written in Xcode" though makes little sense.

    • Matt · 1093 days ago

      It's like saying 'written in notepad' - perfectly reasonable, just slightly irrelevant...

  8. James · 1093 days ago

    The point is that Apple Mac owners have a history of smugly thinking their computers are immune to malware. This article shows that they are not.

  9. JoshS · 1093 days ago

    Yes Mac users need to be AV alert, but all I've seen so far that could infect a current Mac is Trojans.
    Of course these require the Mac users permission to install and run.

  10. iMikeyMike · 1093 days ago

    An accurate history – but all (even OSX/Leap-A spread via iChat) required the user to run an app with authentication: all were trojan horses, none would work without the user participating in the installation.

    I could write an app and send it to a mac using colleague and it would erase his hard drive, or send me his files: but only if he ran the app, and only if he entered the administrator password.

    I'm sure viruses on the Mac aren't far away – but they are not here yet.

    (Plus the free Sophos AV slows my 2007 MacBook down worse than Firefox with a thousand plug ins.)

    • By your definition, lots of the malware we have seen hitting PCs over the last 25 years weren't viruses either.

      For instance, your definition suggests that the Love Bug (ILOVEYOU) worm wasn't a worm, but a Trojan. The Melissa virus wasn't a virus. Dark Avenger, Hare, Chernobyl, Netsky, MyDoom, Sobig? Everyone got them wrong too - apparently they were Trojans!

      You see? You can't have it both ways. You can't redefine the word "Trojan" so it helps your argument that Macs haven't been hit by viruses... and then continue to claim that Windows is overwhelmed by viruses.

      I'm not aware of anybody in the anti-virus industry who says that malware has to require no user interaction to be considered a virus.

      A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

      Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

      OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

      Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

      But you're right - most of the malware we see for Mac is in the form of Trojan horses. But then that's *also* true of most of the malware we see for Windows!

      Social engineering is what tricks users into running these Trojans. And that works just as well with Mac users as Windows users.

      • "I'm not aware of anybody in the anti-virus industry who says that malware has to require no user interaction to be considered a virus."

        Correct. But it _does_ in order to be considered a serious threat.

        It's also telling that Microsoft happened to be the vector in so many cases….

  11. Joe Simpson · 1092 days ago

    The World Peace Day trojan is not not included. It infected early Macs. It spawned an interesting discussion of the ethics if installing unauthorized softwware on computers for which the individual had neither responsibility nor relationship.

  12. Richard · 1092 days ago

    I think the line "Before we begin, it's worth recognising that malware on the Mac is a subject which raises strong emotions.", pretty much sums up Apple and certain Emu (oops theres my dyslexia kicking in again, sorry I meant Mac) users, over many years.

    Of course Not all Mac users have their head burried in the sand (in fact most DO NOT)

    Apple has had some great some great products come out over the years across various platforms ( and no im not just heading toward the old cliche of market share making you worth the hit) but has become a bigger target and is growing.

    I have Windows Desktop and Macbook BOTH have AV installed

    Good post Graham

    • tblspn · 886 days ago

      I think you mean Ostrich, not Emu. Carry on..

    • The prime reason to have AV software on a Mac is to eliminate the possibility that you will pass on malware to Windows users.

  13. DKennedy · 1092 days ago

    Sophos is really pushing Mac vulnerabilities hard. I can only assume that, although the current AV product is free, there'll be a paid-for 'premium' version coming down the pike as soon as enough Apple owners are sufficiently scared.

    • We've had a commercial version of our Mac anti-virus for many years (which we sell to businesses)

      The free version *is* free for home use. If you don't want to use it that's fine, but we've explained numerous times why we've made it free - so it's not as though we're hiding anything.

  14. Eric · 1068 days ago

    The author would have us believe that since anew piece of MAC malware is arriving almost every month, that we should all go and buy MAC antivirus from a certain antitrust company.

    Bah humbug.

    This is more reflective of the fact that certain antivirus companies have invested in the development in MAC antivirus, and they would like to selling their new products.

    • Umm.. love the conspiracy theory, but did you see the bit where I reference the *free* anti-virus that we offer home users?

      • jonny · 724 days ago

        By definition (as in the literal definition of the English words), "conspiracy theory" includes all rumours of non-disclosure. So all rumours of "proprietary information" are literally conspiracy theories until they are proved, at which point they become fact (of the conspiracy to withhold information). In this, our (Mis)Information Age, any information which cannot be easily accessed by an experienced search engine user is - irrefutably - the direct result of two or more parties conspiring to withhold information, i.e. deceive.

        I'm not convinced that withholding information of any kind from the human race could ever be in Humanity's best interests. Proprietary companies have (historically) disagreed; but then they were responsible for limited liability corporations which are inevitably going to kill us all (if they are not eradicated from the face of the planet very shortly).

        So my argument is clearly in favour of Sophos disclosing information Apple would prefer to be kept hidden for the benefit of...? The limited liability corporation that is nothing more than some sheets of paper which assert that Apple exists.

        But imagining there is such a thing as a profit-driven company giving away "free lunches" is pretty much how Humanity got itself onto the (gameplay guaranteed) fast track for extinction.

        • Alan B. · 498 days ago

          So what you are saying is that your Mac is immune to every threat out there?

  15. Brian · 1039 days ago

    I'm a fan of Sophos Antivirus. Look, I run a Macbook Pro with Parallels installed so that I have a copy of Windows 7. I need that in order to run some software that I cannot run on Mac that enables me to fill out the forms that the Army uses. Now I have plugged in some USB drives into my computer that have Windows stuff on them, and yes, not everything on those drives was purchased. Sophos found and got rid of the potential threats that were in that mess on my drives. So it has kept crap off of my system and even prevented it from getting on other PCs that I have.

    Look, the anti-virus is free, it does the job, and it's better than going completely unprotected into the world. I like to surf some porn now and then so why not have a virtual "jimmy" in place just in case? For those that think that malware will never happen to them I kind of giggle. That's exactly what pretty much anyone else has said about things before they happened to them. What's it hurt to use a prophylactic?

  16. Dom · 975 days ago

    Just want to say many thanks for the free anti virus program!!!

    Makes me feel secure knowing that I have protection against the nasties out there.

    Amazes me though that it's free. How come you guys aren't charging for it? Not that I'm grumbling though, LOL.

    Again, many thanks.

    Dom

  17. Danny · 972 days ago

    I've had a mac for 6 months and also a windows 7 computer, I know a fair bit about computers (windows) but not a mac computer, when I got the mac I was told my a apple salesman that I didn't need any AV on the mac as macs don't get virus so from the day I switch on the mac I never ever done any buying on the internet because I never been 100% sure I was safe, I just used the windows 7 computer for any on line purchase as I was running Nortons and have never had any worries in 20 years about virus, I then purchase parallels desktop 7 for my mac and installed windows 7 and Nortons 2011 so I can run lion on the mac and switch over to windows 7 with Nortons for any on line purchase, I saw the free download for sophos anti-virus in the computer active mag, I thought it's free so why don't I I stall the software and then I would feel a little better ordering on line, when the install finished I let the AV software do a check on the mac and would you believe it I had 1 virus which sophos removed from my mac, and this was after the apple salesman told me not to worry mac don't get virus, listen to me someone that's had a computer for over 30 years!!!! download the sophos anti- virus for the mac then at least you know you safe either way, many thanks Daniel

  18. G Dean · 971 days ago

    Ok interesting facts, but really a disgusting article posing as news to try to scare you into buying security software! Sophos tries to invoke the culture of fear to sell products to the so far rather sensible & resistant Mac community. If you are sensible and do not run programs from dubious sources and keep your os updated, then there really is little risk compared to the security nightmare that is microsh**t. I for one will not be retarding the performance of my computer by buying a security product after reading this article. Yes it is possible to write viruses and malware for apple systems, no one who knows about computers has ever seriously thought otherwise despite the claims of salespeople.

    • Did you miss the bit where we referred to our FREE anti-virus product for Mac?

      That's the only product we mention isn't it? And, by the way, our free home user Mac anti-virus product is fully-featured - there's no "premium" edition we try to upsell people to.

      Cheers
      Graham

    • Kurt · 958 days ago

      I think you are beeing very unfair, G. Dean.

      1) Macs are exposed to hacks and viruses, just like Windows, maybe even easier to hack. Not a single system is 100% secure. Hackers hack. If a strong hacker really wants to get you, trust me, he will. Nevermind what system or security you are using.

      2) Not run programs from dubious sources? And if a friend sends me shit, not knowing it is malware? Or what if some commercial pops up and gives me some crap? This stuff happens often and most ppl don't even notice it. There was a time, when I cleaned inftected PCs for a living. You wouldn't believe how much crap ppl download - thinking it's safe. You can't expect the mainstream user to understand what todownload and what not. If you were on board in the early 90's, when all this stuff started hitting very hard on the mainstream (Windows), you would have learned a lesson or two about how to deal with this stuff and what to make of it.

      3) At the time of this writing: There is LESS risk (on OSX), compared to Microsoft, BUT how many Mac systems are there world-wide vs. Windows systems? Ah, yes. IF Macs ever reach a comparable mainstream level like Microsofts Windows, then I am 99% sure, that Mac will get hit as hard as Windows did, if not harder, because hackers could then finally prove something to a lot of naiv users out there: You think you're safe? Think again.

      4) Retarding the performance of your computer? Ehm, most Antiviruses nowadays are extremly fast and ressource-friendly. We're not in the 90's anymore. Have you tried the recent Norton IS 2012, Kaspersky 2012, Microsoft Security Essentials etc.? I have tried all of those on a NETbook and they ran just FINE - without a noticable performance impact. What gives?! AND most are either free or cheap ( cheap = 1-2 bucks a month for a complete security software incl. international live support by phone, chat and mail - and other features? Man, that's extremly cheap, considering what you get!)

      5) About scaring you in to buying software (Sophos): Have you realised, that Sophos Home Antimaleware on MAC OSX costs: 0$ ... = FREE? -,-"

      Peace.

    • Frodo · 817 days ago

      What are you, G Dean, an infant? Can we avoid this "microsh**T vs Crapple nonsense.

  19. samantha · 958 days ago

    thanks for the great and free antivirus, sophos! instead of posting some conspiracy theory, like a few ppl here, i understand the article. thank you so, so much for the free work you are sharing with us mac home users. sami.

  20. nicole · 957 days ago

    My dad installed Sophos AV on his Mac, because he kept complaining about strange behaviour and such things. He called me, I showed him this article, he downloaded Sophos AV and Sophos found two malware-threats on his iMac. Now he is upset about those, that told him, that Macs are more resistant to viruses. Obviously, like this article demonstrates, it's not.

    Nicole

    • David · 802 days ago

      Hi Nicole, it is indeed more resistent to viruses, but it still can get infected. There are way less malware attacks aimed to Macs than to PCs. Depending on how you use your computer, the pros of a mac vs a pc rest not only on the virus issue, but on the apps, stability and funcionality... it all depends on what you're looking for when buying a computer.

      Just wanted to point that out, macs tend to get less trouble with malware, but they are not invulnerable.

      :)

      • paul · 770 days ago

        You can find virus and malware on many Macs, but that doesn't necessarily mean it is a Mac virus, malware or trojan. You will find e-mail laced with nasty attachments, that will only infect Windows PCs. Will all respect to the folks at Sophos, their Mac product isn't as good as ClamXav in detecting threats in e-mails. But then again Clam doesn't do active scanning, while Sophos does, so in theory Sophos would do a better job detecting "drive-by" infections that caused the most recent significant scare.

        • KaCe · 703 days ago

          Yes, I came here tonight because Sophos found a virus... but it was a PC virus. I'm sure it was in my email.

          This discussion is worth reading as there are "no free lunches". There's a price to pay for everything, even a free lunch. Macs are loved, almost blindly, by Mac enthusiasts. I am one. But I have no malice toward MS for what it is creating. I do think the Unix kernel makes Macs more stable, reliable and easy to use. I think all of us who had to deep 6 our pre-OSX machines were ticked that Apple would no longer support them, but in the end it has been good for all of us. If Bill deep 6'd the older code in Windows there'd probably be a huge out cry initially, but then things would improve. He's trying to be all things to all people and we know you can't win that game.

          I will keep my OS updated. Enjoy my dependable, well built machine (which worked after being submerged while asleep in my backpack when a waterbottle lid came loose) It has fallen off the top of may car twice... I put it there to be "safe" because I was loading my car... jeez. It was stepped on once and looks like it has been to Afghanistan. But here I am using it. And updating my Sophos. Thank you for having it.

          I agree with the idea of belt and suspenders. Sophos can't hurt a product that is already very capable, it can only help it.

  21. Steven · 954 days ago

    Very interesting and good to know there are humans out there checking on these threats, especially since I was interested in buying a Mac. Now I'll just stick with my good, old Windows PC.

    Good article.

    Please provide the same list for Linux-based Operating Systems or Distributions (like Ubuntu, Suse).

    There are a number of threats already known for Linux/Ubuntu, if you check Google and look out for User problems with malware.

    There are a number of users (in the Linux community) thinking there are no threats for mainstream Linux OSs. Canonical even claims to have "Antivirus protection" in their latest Ubuntu version (11.10).

    Things like:
    1) Browser hacks through Mozilla in an Ubuntu System. (look Youtube)
    2) Gnomelook dot org malware in Screensaver. (Google, official Ubuntu forums)
    3) Ubuntu systems getting hacked. (official Ubuntu forums)

    And so many more.

    Please, Mr. Graham Cluley, I'd appreciate it.

    Thank you for your time and work.

    IIC - Steven

  22. Bill · 947 days ago

    Does Sophos AV for Mac scan, detect, and remove malware associated with kernel extensions (kext files)?

    • Jenny · 796 days ago

      I would like to see more in the way of kext, and plist, checks. I used to subscribe to a Mac forum and the newsletter was sent out regularly. One day, it came to me 'loaded' (spoofed brilliantly, in fact) - one of the links which was particularly interesting didn't go where it should have ...

      Thanks for the free A/V all the same! Every little helps ;)

  23. Jon · 946 days ago

    Mac may have few viruses now but as Apple becomes more dominant surely they will attract more attention.

    It seems foolhardy not to have a deterrent in place. On the basis of the evidence can you really communicate to all your users within an organization to use Mac instead of Windows and don't bother installing AV. Brave and waiting for the problems to come.

    It doesn't take long to understand that Mac's are not invincible:
    Read Mac Hackers Handbook by Charlie Miller etc. or OS Exploits and Defense or Hacking and Securing iOS Applications.

    Thanks to Sophos at least some people will have some infastructure in place if a major issue is out there in the wild. And the rest what will they be thinking ... 'you told me i didn't need an AV - i trusted you'.... you can profit from this perceived security for so long and then the brand will take a hammering. Just an opinion :-)

  24. Jimmy · 933 days ago

    Sure Macs are great computers, but I think that Apple should have never pushed the "Macs can't get viruses". Its impossible for an operating system, as of now, to be completely immune from malware or trojans, but it is possible for an os to be extremely complicated to infect.

    • Jon Fukumoto · 904 days ago

      Macs can be infected. All it takes is a social engineering trick to get you to install something and your Mac is infected. There's no such thing as 100% secure. Even though there's not as much viruses and Trojan horses compared to PCs running Windows, it's still a good idea to use an anti-virus product like Sophos Anti-Virus for Mac. So don't get lulled into a false sense of security that Macs can't get infected. As Macs gain more market share, they'll become more of a target, so protect yourself.

  25. Dan Fuzz · 906 days ago

    It' staggering how many people don't grasp the FREE bit of this.

    I skim read a lot of the time, but if I do comment, I always go back and read the article properly - just in case I missed something.

  26. Jon Fukumoto · 904 days ago

    One thing to note here: THERE'S NO SUCH THING AS A 100% SYSTEM. Even Macs are likely to get infected through these attacks. The attacks are getting more sophisticated, and are using social engineering techniques which also have gotten more sophisticated. Be very wary of the websites you go to. It's a good idea to install Sophos Anti-virus for Mac. It's free of charge and won't impact your system. I've been using it to protect my system. Anyone who owns a Mac and thinks that they can't be infected, it's time to wake up to reality. The threat is real, and I highly recommend anyone who owns a Mac to download and install Sophos Anti-Virus.

  27. Ted the Nervous · 818 days ago

    As I explained to a friend who's computer I was scanning for malware, it's like looking for a needle in a haystack... and you don't know how big the haystack is... or how many needles there are... or if there are any needles at all.
    You might search and search and find nothing, but that doesn't mean there aren't any needles (viruses). You might find one needle, or two, but you don't know if you've got them all. And what if someone got clever and hid a needle INSIDE a piece of straw.

    Yeah, we are all vulnerable, not just to the malware we know about but to the malware we don't know about. A/V is just one part of the defences.

  28. Bree · 562 days ago

    i am buying a mac next week and the first thing on it will be the free sophos anti virus.Thankyou.

  29. Dave · 538 days ago

    Most viruses and malware are downloaded from peer to peer sites, windows or mac so if you want to be safe buy your software from a legitimate sources.

    any file can be injected with additional code to control your pc or mac - pictures / music / movies so if you don't increase your risk don't illegal download.

  30. yuhong · 515 days ago

    Actually, the first Excel macro viruses was designed for Excel 5.0/95 and thus Macs was not immune.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.