[X4U] Trojan horse on the Mac?

Randy B. Singer randy at macattorney.com
Fri Oct 20 00:03:46 PDT 2006


Bob Aldridge said:

>Cable company gave the e-mail of the offending PC's and Mac.

That means nothing.  It is very common for PC viruses to do what is known 
as "spoofing".  That is, they take over the e-mail program of the 
infected PC, and replicate and send themselves out using addresses in the 
e-mail program's address book as the "to" and "from" addresses.  So, 
looking at the "from" address of a message sent out due to a virus 
infection is useless with regard to determining where the e-mail 
originated.

http://www.plattsburgh.edu/help/virus/spoof.php

Actually I'm really surprised that your cable company didn't already know 
this.  PC viruses that spoof e-mail addresses have been around for years.

>I doubt the cable company too, but I need to prove them wrong on this and
>prove to the staff Macs are safe as I professed.

There has only ever been *one* Macintosh virus or Trojan that has been 
able to successfully send itself out to other users and that is the 
Simpsons virus:

http://vil.nai.com/vil/content/v_99102.htm
http://www.macintouch.com/simpsonsvirus.html

The Simpsons virus circulated about 5 years ago.  It is only for OS 9 and 
it required Outlook Express to spread.  It was never a prevalent virus 
and at this point, with the passing of Outlook Express, and the rise of 
OS X, it is probably extinct.

Currently there are *no* viruses that infect OS X.  (NONE.)  There are a 
few very rare Trojans.  Trojans do not self-propagate.  There are 
hundreds of Word macro viruses, but they are irrelevant if you don't use 
Word, or if you have Word's macro feature turned off.  There are a 
handful of viruses that can infect OS 9, and which can also infect 
Classic running in OS X, but these are now very rare also.  None of 
these, other than the Simpsons virus, can spread via e-mail.

>Doing a little checking around I found ClamXav. I'll give it a shot.

ClamXav is free, which is, of course, very attractive.  However, the 
product is misleading.  ClamXav is an OS X port of ClamAV, which is a 
UNIX server anti-virus application for use with Windows networks. (ClamAV 
comes with Mac OS X Server.) The problem is that ClamXav uses ClamAV's 
anti-viral database, with few additions in consideration of the 
Macintosh.  
You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for, for instance, "Macintosh", or for one of the 
known (though very rare) Macintosh Trojans, for instance: "Opener" or 
"Renepo," and see if anything shows up.  (Nothing will.)
What this means is that ClamXav doesn't look for much in the way of 
Macintosh-specific malware.  Sometimes free isn't a good deal.

It is *extremely* unlikely that your Macintosh is infected with any sort 
of Malware, and I would say that the likelihood that spam originated from 
your Macintosh is just about zero.  But if you feel that you must get an 
anti-virus program, at least get one that can recognize the rare 
instances of Mac malware that exist and can deal with them.  I recommend 
Intego's Virus Barrier:
http://www.intego.com/virusbarrier/ 



Randy B. Singer

Co-Author of:
The Macintosh Bible (4th, 5th and 6th editions)

OS X Routine Maintenance
http://www.macattorney.com/ts.html
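
The point above about spoofed "from" addresses, as an added example that is not part of the original post: the sketch below ignores the From header and instead walks the Received chain, trusting only the stamps written by known mail servers. The sample message, hostnames, IP addresses and the TRUSTED set are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the original post). Hostnames use reserved
# example domains; IPs come from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.10])
\tby mail.recipient.example with ESMTP id A1; Fri, 20 Oct 2006 00:01:00 -0700
Received: from infected-pc (cust-17.isp.example [203.0.113.17])
\tby mx.isp.example with SMTP id B2; Fri, 20 Oct 2006 00:00:58 -0700
Received: from mac.school.example (mac.school.example [192.0.2.55])
\tby relay.unknown.example with SMTP id C3; Fri, 20 Oct 2006 00:00:50 -0700
From: "Bob" <bob@school.example>
To: someone@recipient.example
Subject: hello

body
"""

# Assumption: the mail servers whose Received stamps the investigator trusts.
TRUSTED = {"mail.recipient.example", "mx.isp.example"}

# "from <helo> (... [<ip>]) by <server>": the bracketed IP is recorded by the
# receiving server from the TCP connection, not taken from the sender's claim.
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def trace(raw, trusted):
    msg = message_from_string(raw)
    origin = None
    for hdr in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(hdr)
        if not m or m.group(3).lower() not in trusted:
            break            # from here down, the sender could have written anything
        origin = m.group(2)  # client IP seen by the deepest trusted server
    return {"from_header": parseaddr(msg["From"])[1], "origin_ip": origin}

if __name__ == "__main__":
    print(trace(SAMPLE, TRUSTED))
```

In the constructed message the From header and the bottom Received line both point at school.example, but the deepest trusted stamp shows the message entering the ISP's server from 203.0.113.17.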


