Mac Virus

More Antivirus for Mac

maclover — Mon, 11 Jul 2011 15:53:14 +0000

Well, most of us have been awestruck by the beauty and performance when it comes to an apple computer, be it an iMac or a MacBook, there always has been hype over the use of legitimate software and the apple application store being the main marketplace for the software and updates. Although the company has a long history of high performance machines with the least number of software problem, in far simpler words if we say, the MAC computers have been known for their cleaner environment when it comes to pests like viruses, and spywares.

But even apples finest codes making up the Mac OS that run the apple computers, is bound to have flaws which once discovered can be exploited by malicious programs which later take the name of Viruses. Began in 1982, Elk Cloner was one such virus which although dint do any damage, but was able to get the classification of a MAC virus, later its next edition Leap-A manipulated the iChat application. And by now, it was clear that Mac OS was no longer able to hold its bug-free image.

List of available Antivirus for Mac

Kaspersky Antivirus for Mac
ClamXAV
F-secure
Iantivirus
Sophos Antivirus
Avast

With more and more people turning to a higher user experience and embracing apple computers, the market share has started to grow phenomenally over the years.And more and more malicious programs try and cause havoc to the world of mac users.As such the bigger players in the anti-virus market for Windows OS are now seen to be entering the Mac OS market too.

Symantec’s Norton 11 comes for under 50$,Moreover Symantec as well as Intego has brought out what they call the dual protection systems, which provide both Windows as well as Mac antivirus applications in the same bundle. Although buying a Mac is said to be your first step towards being safe from antiviruses, but it is always advisable to have an accessory anti-virus program running which gets the daily updates to take charge in case of an infection.

The market has seen the entry of a large number of players, Clam XAV is an open source virus removal program that has appeared on the Mac OS platform. Not only this, Clam XAV allows Mac users to scan email attachments for Windows viruses before sending them over to their recipients. Being free of cost, this has been warmly welcomed by the users and a lot of positive reviews have also flooded the market about it.

F-secure and iAntivirus are yet other notable names that come up with their packages under $50, which provide regular updates and helps keep the system clean of pests that could disrupt the smooth functioning of your Mac. No matter what people say, Mac has a reputation of being free of bugs and would continue to do so, but with more and more people switching to a Mac run system, the chances of developers letting out anefficient bug could also happen. As such, it is always better to have a safe side and keep an antivirus program handy, thus assuring peace of mind...!

3 tips you can use to strengthen Mac’s security

maclover — Wed, 29 Jun 2011 14:10:31 +0000

Mac OS already provides some default options for security but some are disabled. You need to enable them in order to secure the Mac better. Follow these simple steps to enable recommended settings:

1. Add login password

Click Apple icon then choose "System Preferences"
Choose "System" tab > "Accounts" > "Login Options"
Disable "Automatic Login" then select prompt for both username and pass.
You also need to disable "Allow guests to login to this computer" and "Allow guests to connect to shared folders"
Close "Accounts" tab to save the changes.

2. Configure password security

Click Apple icon then choose "System Preferences"
Choose "General" tab
Enable following options:
- Require password to wake this computer
- Disable automatic login
- Require password to unlock each System Preference pane
- Use secure virtual memory
- Disable remote control infrared receiver
Close "Security" tab to save the changes

3. Enable firewall

Click Apple icon then choose "System Preferences"
Choose "General" then "Firewall" tab
Choose "Advanced". In some case you need to enter password to choose this option. Then enable these options
- Enable Stealth Mode
- Enable Firewall Logging
Click "OK" then close "Security" section to save the changes

List of Known Mac Viruses

maclover — Wed, 29 Jun 2011 12:52:19 +0000

Here is the Mac Viruses list from iAntiVirus

Name	Description
Adware.OSX.Cosmac	Adware.OSX.Cosmac is a proof-of-concept adware sample for Mac OS X. This malware can be installed without requiring root privileges and can hook into every application so that everytime the user access these applications, Cosmac will launch the Safari web browser.
Application.OSX.BackTrack	BackTrack is a keylogger program from Modesitt Software. This program stores user activity in an SQLite database file. In addition to being a keylogger, this program also tracks user activity and records such as application name, window name, date and time. It is able to create separate databases for every application and window used. This program is portable and it does not require installation.
Application.OSX.EasyCrack	Application.OSX.EasyCrack is iAntiVirus detection for EasyCrackwithJohn application. This is a password cracker and the author describes it as a utility to crack a password of a user of another connected Mac.
Application.OSX.eWatch	Application.OSX.eWatch is a keylogger and also a remote access tool designed to remotely monitor users's computer activity. It can capture screenshots, log all users' keystrokes, enumerate all running processess and monitor internet browsing activities.
Application.OSX.KeyboardSpy	Keyboard Spy a keylogger from AlphaOmega Software. This keylogger can record all keystrokes and save them to a log file. Keyboard Spy is portable and does not require installation to function.
Application.OSX.KeyloggerX	KeyloggerX is freeware keylogger program designed to work in OS X. This application usually arrives as KeyloggerX.dmg.sit (768,805 bytes) which contains the KeyloggerX executable, Disclaimer.rtf and Read Me.rtf. The document explains that this application will create log files in the User Preference folder. However, upon execution this program stays in the background and fails to create the said folder and files.
Application.OSX.KeyRecorderX	KeystrokeRecorder X is a keylogger created by CampSoftware. This keylogger can record users' keystrokes and capture screen shots. It has a stealth feature making it invisible from the dock, invisible in the force quit menu and invisible in process viewer. It can also encrypt the log files, plus send log files and screen shots through email and track active applications.
Application.OSX.LogKext	Application.OSX.LogKext is a powerful freeware kernel base keylogger in Mac OS X. It has a full stealth capability, where its user can controll its functionality by a command-line client called logKextClient. This keylogger is capable to log every single keystrokes of the user.
Application.OSX.Loselose.A	Application.OSX.Loselose.A is a gaming application for the Mac which also deletes files on your hard drive as you kill aliens.
Application.OSX.MonitorerX	Monitorer X is a keylogger created by Burning-Bytes. This keylogger can discreetly record every single keystroke into a log file. It has also an option to capture screen shots, and this feature can be triggered or activated through user specified keywords. So it will capture the current screen everytime the user types in one of the specified keywords.
Application.OSX.MonitorerXMan	Application.OSX.MonitorerXMan is a managing application that helps the user organize all text logs and screenshots created by MonitorerX Pro. This tool is currently distributed as freeware.
Application.OSX.MonitorerXPro	MonitorerX Pro is a keylogger and spyware tool created by Burning-Bytes. This software can record every single keystroke in background. Its stealth features include invisibility from the dock, invisible in the force quit menu and invisible at startup. It creates a log file everytime the user starts the computer and organizes these files according to date and time. It can also capture screen shots everytime the user types in a specific keyword. This version is called "Pro" because of the MonitorerX Pro Manager feature, where it manages all the log files and screenshots by user and date.
Application.OSX.RemoteControl	MacRemoteControl is a freeware application designed to work as a remote access and administration tool. This application can remotely access another macintosh using the TCP/IP protocol. Once it is connected, this tool can list all running process, quit or launch applications, restart, shut down or sleep the machine and activate OSXvnc. This tool was initially designed for personal use by the author but later it was made available to the public.
Application.OSX.Spy	Spy is a freeware application from SilverNetworks.net. This application has a server component which allows a user to remotely access a macintosh through a normal web browser. It also has Spy Tracker where it can list, see and access all Spy servers. Another feature of this tool is that it can log information, display remote computer information and handle file transfers.
Application.OSX.SpyMe	SpyMe is a remote management tool from Readpixel.com. This software allows you to manage and monitor multiple remote macintosh machines simultaneosly. It employes a client-server technology, where the server is installed on remote computers and the client component is on the managing side. This SpyMe client can send keyboard and mouse actions, capture screenshots, automatic wake up the server, handle file transfers and control multiple SpyMe servers. It also has an optional SpyMe Daemon which requires root privileges to run in background. A feature of this tool is to silently launch the server component every each login or fast user switch. The latest version of this software has an Internet Caf
Application.OSX.TypeAgent	TypeAgent is keylogging software from TypeAgent.com. This software can track and record all keystrokes entered into Instant Messaging, Browsing Activities, Emails, Documents and more generally any application running on your Mac. Furthermore, the user has an option to set the logs directory, activation hot key, password protection, uninstallation and option to run in hidden mode.
Application.OSX.TypeRecorderX	TypeRecorder X is keylogging software produced by Rampellsoft.com. This keylogger can discreetly monitors and records every keystroke in a log file. The vendor describes this software as essential backup tool in the event of system failure, power loss, or if any work is accidentally deleted or modified.
Backdoor.MacOS.Sub7Server	Backdoor.MacOS.Sub7Server is the SubSeven server component for Mac OS classic. This application is usually installed on the victim's machine. Once installed, it opens a port allowing any subseven attacker to gain remote access to the system and perform various tasks.
Backdoor.OSX.CarbonKeys	CarbonKeys is an open-source program that employs client-server technology. The server component handles keystroke monitoring, it records all entered keystrokes and waits for a remote connection from the client program. The client component communicates with the server and is able to download keystroke logs as well as screen shots on command. The server component is usually found on the victim's computer, while the attacker communicates through the client program.
Backdoor.OSX.HellRaiser	HellRaiser is a backdoor trojan. This tool employs standard backdoor client-server techniques. The server is usually installed on the victim's computer while the client controls the server. The installation package also contains a configuration plugin where the remote controller can specify initial server parameters such as port number, password, smtp settings and other behaviour. The server component runs in background and it is hidden from the dock.
Backdoor.OSX.IService.a	Backdoor.OSX.IService.a has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac.
Backdoor.OSX.IService.b	Backdoor.OSX.IService.b has the capability of connecting to a remote server over the internet. Once connected, it may receive commands from the remote attacker which may then be executed on the affected Mac.
Backdoor.OSX.IService.c	Backdoor.OSX.IService.c has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac.
Backdoor.OSX.Sub7Client	Backdoor.OSX.Sub7Client is the SubSeven OSX client component. This client tool allows the user to remotely connect and control another computer in the network. It has a graphical interface where user has to input the IP address and specify the port number of the server. This component is usually installed on the attackers machine.
Backdoor.OSX.Termite	Termite is a client-server terminal tool designed to remotely execute unix commands. This software package contains the Terminte server for OSX and OS9. These server programs come with another binary included which is called ServerEdit. ServerEdit manages the users' settings such as port number and the password. Termite servers can be remotely accessed using the Termite client for OSX and Windows. The server component can be easily installed since it is portable and does not require installation. The remote controller (Termite client) can manage and access multiple macintosh machines simultaneously and perform remote tasks using unix commands.
Backdoor.OSX.Winjack	Winjack is a freeware client-server remote administration tool from DigitalCalamity.org. This tool allows Mac OS X users to remotely access Windows based machines. The client component runs on OS X while the server is installed on the remote Windows machine. This tool has a powerful feature where it can manipulate files, applications and even the registry. It can also send messages, open URLs, create folders, shut down and restart the machine, capture screen shots, view running processes and transfer files. The Winjack server creates a registry entry to automatically launch itself at every system startup.
Backdoor.OSX.Xover	Xover is a freeware client-server remote administration tool from DigitalCalamity. The server component is usually installed on the target machine allowing a remote user to access the computer.
DDoS.OSX.CometShower	DDoS.OSX.CometShower is a client-server program designed to perform distributed denial of service attack to a specific IP address. The client program is the host attacker while the server component can be installed and run to multiple machines and different networks whoever wishes to participate on the attack. The server connects to the client program and the host sets the IP address and port of the targetted machine. Both the server and client program works in Mac OS X.
Eicar_Test_Files	The European Institute of Computer Anti-virus Research (EICAR) together with Antivirus and Internet Security vendors around the world has developed a standard test file which customers may use to test their antivirus installation. The detection name Eicar_Test_File is NOT A VIRUS. It a harmless test file designed to help customers check whether their antivirus product is properly installed and working.
Email-Flooder.OSX.Mema	Email-Flooder.OSX.Mema is a powerful and distructive mail-bomber used to perform Denial of Service attacks. This tool can mail-bomb multiple email addresses and connect to multiple SMTP servers simultaneously. It can open up to 500 simultaneous connections. The user can also set annoymous mode or use random names. It can also construct its own subject, message body and file attachment. The mail-bombing parameters define the number of emails from 1 to never ending mail-bombing and specify specific date and time of attack.
Email-Flooder.OSX.Propaganda	Emal-Flooder.OSX.Propaganda is a powerful email flooder/spammer that can connect to a list of SMTP servers and create up to 500 multiple connection at a time. The tool provides an option to construct the content of the email body, create arbitrary recipient names and add multiple attachments.
Email-Flooder.OSX.Torrent	Email-Flooder.OSX.Torrent is an email bomber/flooder tool designed to work in Mac OS X. The tool provides the attacker an option to construct email content, specify SMTP Server, add multiple attachment and specify the number of email attack that will be sent. Since this tool can only perform targetted attack, it is also possible that some security analysts may use this tool for penetration testing.
Exploit.EvilGrade.a	Exploit.EvilGrade is a multiplatform exploit tool that allows it to take advantage of poor upgrade implementations by injecting fake updates.
Exploit.Exploit.OSX.CVE-2007-0059	Exploit.OSX.CVE-2007-0059 is a proof of concept code that exploits a flaw in Apple Quicktime 3 to 7.1.3's quicktime movie (.mov) file with an HREF track (HREFTrack).
Exploit.Exploit.OSX.CVE-2007-6166	Exploit.OSX.CVE-2007-6166 is a proof of concept code that exploits a flaw in Apple Quicktime versions before 7.3.1's RTSP response handling of long content type headers.
Exploit.OSX.ARDAgent	Exploit.OSX.ARDAgent is iAntiVirus' detection for malicious code that exploits a vulnerability in Apple Remote Desktop.It takes advantage of a flaw in ARDAgent, a component of Apple Remote Desktop, and allows malicious programs to execute code when run locally, or remotely as root.
Exploit.OSX.CVE-2003-0201	Exploit.OSX.CVE-2003-0201 is iAntiVirus detection for malicious code that exploits CVE-2003-0201 vulnerability. It exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8 and it is capable of exploiting Mac OS X PowerPC systems.
Exploit.OSX.CVE-2004-0430	Exploit.OSX.CVE-2004-0430 is iAntiVirus detection for malicious code that exploits CVE-2004-0430 vulnerability. It exploits a stack overflow in the AppleFileServer service found in Mac OS X.
Exploit.OSX.CVE-2004-0695	Exploit.OSX.CVE-2004-0695 is a proof of concept code that exploits a flaw in the FTP service for 4D WebSTAR 5.3.2 and earlier which allows remote attackers to execute arbitrary code via a long FTP command.
Exploit.OSX.CVE-2005-0043	Exploit.OSX.CVE-2005-0043 is a proof-of-concept code that exploits a security flaw in Apple iTunes 4.7 which allows remote attackers to execute arbitrary code via a long URL in .m3u or .pls playlist files.
Exploit.OSX.CVE-2006-0848	Exploit.OSX.CVE-2006-0848 is iAntiVirus detection for malicious code that exploits CVE-2006-0848 vulnerability. It exploit Safari's "Safe file" feature which is a bug in Apple Mac OS X metadata handling.
Exploit.OSX.CVE-2007-0395	Exploit.OSX.CVE-2007-0395 is iAntiVirus detection for malicious code that exploits CVE-2007-0395 vulnerability. It exploits a command execution vulnerability found in Mail.app application and affects Mac OS X 10.5.0.
Exploit.OSX.CVE-2007-2446	Exploit.OSX.CVE-2007-2446 is iAntiVirus detection for malicious code that exploits CVE-2007-2446 vulnerability. It exploits LSA RPC service of the Samba daemon.
Exploit.OSX.CVE-2007-5863	Exploit.OSX.CVE-2007-5863 is iAntiVirus detection for malicious code that exploits CVE-2007-5863 vulnerability. It exploits the feature Distribution Packages used in Apple Software Update.
Exploit.OSX.Evasion.a	Exploit.OSX.Evasion.a is a proof-of-concept code that exploits a known vulnerability in MAC OS X's Java Virtual Machine. It allows malicious code to execute outside of the Java sandbox with the permissions of the executing user.
Exploit.OSX.Small	Exploit.OSX.Small is a proof-of-concept program that exploits Mac OS X's /usr/bin/passwd.
Exploit.OSX.Smid.b	Exploit.OSX.Smid.b is an expolits that takes advantage of the CVE-2009-3867 vulnerability. It allows a remote attacker to execute arbitrary code.
Hacktool.MacOS.UGMPortScanner	Hacktool.MacOS.UGMPortScanner is designed to scan and list target machines open and active ports. This tool is designed to work only with classic Mac OS.
Hacktool.OSX.AimSniff	Hacktool.OSX.AimSniff is a small utility tool designed to capture AIM user IP address running in Mac OS X.
Hacktool.OSX.BrutalGift	Hacktool.OSX.BrutalGift is a powerful ftp and pop3 brute force cracker designed to work in Mac OS X. It can scan and crack up to 500 connection at the same time. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.Cyanide	Hacktool.OSX.Cyanide is a hacking tool with multiple featues such as email bomber, port attacker, IRC flooder bot, FTP brute force attacker and port scanner. This tool also has network utility functions such as ping, lookup, traceroute and whois. It can also protect itself by watching certain ports for possible attacks.
Hacktool.OSX.Heirophant	Hacktool.OSX.Heirophant is a network utility tool designed to work in Mac OS X. It is capable to scan websites for web links, scan and ping specific IP address for open ports, create remote connection through telnet, proxy tool, construct crafted strings and use it to perform port flooding attack over TCP protocol. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.iChatSniff	iChatSniff is a program that extracts iChat audio sessions from a pcap-formated packet dump. A malicious user is able to use this tool to eavesdrop on iChat audio sessions.
Hacktool.OSX.macKrack	macKrack is a freeware password cracker for Mac OS X. It supports Crypt, MD5, SHA-1 and Salted SHA-1 algorithms. It uses both dictionary and keyspace brute force attacks to recover passwords. The latest version supports the cracking of zip archive passwords.
Hacktool.OSX.MacSmurf	MacSmurf is a tool used to perform Denial of Service attacks on a network. It does this by sending a large volumes of ICMP echo requests, and broadcasting them to machines on the network. The attack can invisibly redirect the broadcast ICMP packet to a targetted host. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.ManOfTheMiddle	ManOfTheMiddle is a tool used to perform man-in-the-middle attacks, allowing the user to monitor and potentially tamper with data flowing between 2 hosts. Although this tool can be used for malicious purposes, some security analysts legitimately use this tool to perform penetration testing.
Hacktool.OSX.SYNer	Hacktool.OSX.SYNer is a malicious tool designed to perform SYN flood exploit in TCP protocol. This tool uses a series of spoofed SYN-tagged TCP packets to hide the attacker real identity. The attack attempts to overload the target network which causes it to stop accepting incoming connection.
Hacktool.OSX.UnderHand	Hacktool.OSX.UnderHand is a client-server program that can connect and communicate to its victims' machine through its trojan server component. The trojan server has an option to run in hidden mode. Once the server is installed, the client can execute arbitrary shell command to the victims' machine.
Hacktool.OSX.ZapAttack	Hacktool.OSX.ZapAttack is a hacker tooll design to perform denial of service attack. It has multiple features such as Mass Connector, Muti Flooder, Port Flooder, UDP Flooder, Port Scanner, Port Checker and IP Resolver. The amplification server is a component program usually installed to another machine. It aims to assist the attacker amplify the attack.
Perl.OSX.RSPlug.a	Perl.OSX.RSPlug.a is a malicious PERL script targeted for MAC users. It downloads and runs another malicious script in the victim's computer.
Port-Flooder.OSX.Tsunami	Port-Flooder.OSX.Tsunami is a small utility tool designed to remotely connect to a specific port, construct crafted packet and peform port flooding attack. The attacker can either use TCP or UDP protocol.
RogueAntiSpyware.OSX.Imunizator	RogueAntiSpyware.OSX.Imunizator is a rebranded version of RogueAntiSpyware.OSX.MacSweeper. This version contains exactly the same functionality and looks of MacSweeper except the name was changed to Imunizator. Rogue application which uses deceptive sales and marketing techniques to get onto the users' system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces a download of the file/installation package.
RogueAntiSpyware.OSX.MacSweeper	RogueAntiSpyware.OSX.MacSweeper is a rogue application which uses deceptive sales and marketing techniques to get onto the users' system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces to download file/installation package.
Rootkit.MacOS.Weapox	Rootkit.MacOS.Weapox is a kernel based rootkit designed to work on Mac OS X (both PowerPC and Intel-based) machines. This tool can execute a root shell, elevate processes euid to 0, hide specified ports from netstat and hide login info from w and who commands.
Trojan-PSW.OSX.Corpref.A	Trojan-PSW.OSX.Corpref.A is a password stealing Trojan masquerading as a poker game program. It targets Mac OS X users.
Trojan.MacOS.ChinaTalk	Trojan.MacOS.ChinaTalk is a destructive trojan which deletes all user directories. It usually arrives disguised as a MacinTalk sound driver. It's code contains the following strings "A Phalcon/Skzm production".
Trojan.MacOS.Nvp	Virus.MacOS.Nvp is a malicious trojan that disguises itself as an application called 'New Look' in order to get onto the user's system. Once installed, this trojan modifies the system and prevents vowels from being entered using the keyboard. The malicious code contains strings, indicating the names of tha authors.
Trojan.MacOS.Tetracycle	Trojan.MacOS.Tetracycle is a malicious trojan secretly installed by Virus.MacOS.Mbdf.A.
Trojan.MacOS.Tweesh.a	Trojan.MacOS.Tweesh.a is a malicious trojan horse that may represent security risk for the compromised system.
Trojan.OSX.DNSChanger	Trojan.OSX.DNSChan is a malicious trojan that uses social engineering techniques to entice users to manually install the program. This trojan disguises itself as a video codec and associates itself with shared and free download videos. It was first seen and linked to porn sites but later it was also linked to funny videos. The mode of delivery of this trojan is typically via spam blogs (splogs), malicious banner Ads, poisoned Google search results and pay-per-install programs.
Trojan.OSX.DNSChanger.C	Trojan.OSX.DNSChanger.C is a malicious trojan that entices the user to download and manually install a fake video codec.
Trojan.OSX.DNSChanger.D	Trojan.OSX.DNSChanger.D is a trojan that entices users to download and install a fake video codec.
Trojan.OSX.DNSChanger.E	Trojan.OSX.DNSChanger.E is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.DNSChanger.F	Trojan.OSX.DNSChanger.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.HellRTS	Trojan.OSX.HellRTS has the capabilities to perform malicious backdoor routines, and is built using RealBasic.
Trojan.OSX.Lamzev.a	Trojan.OSX.Lamzev.a is a Trojan horse that opens a back door on the compromised computer.
Trojan.OSX.RSPlug.A	Trojan.OSX.RSPlug.A is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.B	Trojan.OSX.RSPlug.B is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.C	Trojan.OSX.RSPlug.C is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.D	Trojan.OSX.RSPlug.D is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.E	Trojan.OSX.RSPlug.E is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.F	Trojan.OSX.RSPlug.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.G	Trojan.OSX.RSPlug.G is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.K	Trojan.OSX.RSPlug.K is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.M	Trojan.OSX.RSPlug.M is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.N	Trojan.OSX.RSPlug.N is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.O	Trojan.OSX.RSPlug.O is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.P	Trojan.OSX.RSPlug.P is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.Q	Trojan.OSX.RSPlug.Q is a Trojan horse that changes the DNS settings on the compromised computer.
Virus.MacOS.Anti	Virus.MacOS.Anti is self-replicating virus that infects application files on System 6.
Virus.MacOS.Cdef	Virus.MacOS.Cdef is a self-replicating virus which infects desktop files used by System 6. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow down and consequently crash.
Virus.MacOS.Code1	Virus.MacOS.Code1 is a destructive virus which infects Mac OS classic system files and applications. This virus has known payload which renames the user's infected hard drive to Trent Saburo on the 31st of October of every year.
Virus.MacOS.Code252	Virus.MacOS.Code252 also known as D-Day Virus is a malicious program that infects Mac OS classic system files and applications. It carries a non-destructive payload where it can perform certain tasks like displaying a text message, opening a window or even removing itself. This payload is triggered every 6th of June and 31st of December. Strings indicate a message will be displayed when the payload is activated "Ha Ha Ha Ha Ha Ha Ha You have a virus Now erasing all disk! P.S. Have a nice day (Click to continue!)".
Virus.MacOS.Code32767	Virus.MacOS.Code32767 is a malicious program that infects files found on Mac OS system classic. This virus was named Code32767 because it modifies the infected file to point to its malicious code which is at code 32767.
Virus.MacOS.Code9811	Virus.MacOS.Code9811 is malicious program which infects 'APPL' type applications found on Mac OS classic. This virus carries a non-destructive payload where it draws a worm all over the users' screen at a specific time and date. Code indicates that this virus will display this message "You have been hacked by Praetorians!".
Virus.MacOS.Flag	Virus.MacOS.Flag is a self-replicating virus that infects application files on Mac OS classic.
Virus.MacOS.Init17	Virus.MacOS.Init17 is a destructive virus that infects Mac OS classic system and application files. The virus resides in INIT 17 resources.
Virus.MacOS.Init1984	Virus.MacOS.Init1984 is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload where it attempts to rename all files to random names and also change file information on every Friday which falls on the 13th day of any month.
Virus.MacOS.Init29	Virus.MacOS.Init29 is a destructive virus which tries to infect Mac OS classic systems, applications and data files by adding or overwriting the INIT 29 resource.
Virus.MacOS.Init666	Virus.MacOS.Init666 is a destructive virus that infects classic Mac OS system and application files.
Virus.MacOS.Init9403	Virus.MacOS.Init9403 is a destructive virus that infects classic Mac OS system applications and the Finder. Upon execution, this virus creates a file named "Preferenze" in the Extensions folder. This allows the virus to execute at every system start up. After a certain number of infections, it overwrites the startup volume and disk information.
Virus.MacOS.InitM	Virus.MacOS.InitM is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload whicht attempts to rename all files and folders to random names and changes file creation and modification dates to January 1, 1904.
Virus.MacOS.Mbdf	Virus.MacOS.Mbdf is a destructive virus that infects classic Mac OS system files and applications such as Finder. This virus does not have a malicious payload, instead it searches for system files and appends MBDF resources with IDs of 0 and 1. The infection takes time to infect all system files, but the machine will start to show non-responsive behaviour which subsequently resolves to a forced restart. This action will damage system files, and the only solution is to reinstall the affected files. This virus was first seen on the internet associated with shareware games such as "Ten Tile Puzzle" and "Obnoxious Tetris".
Virus.MacOS.Mdef	Virus.MacOS.Mdef is a self-replicating virus that infects classic Mac OS files. It does not have a malicious or destructive payload, instead it infects macintosh resources that is responsible for drawing menus. The infected machine will start to show non-responsive behaviour once a pull down menu is clicked.
Virus.MacOS.Nvir	Virus.MacOS.Nvir is a destructive virus which infects classic Mac OS system files and applications such as Finder. The infection causes system slow down, hangs and crashes.
Virus.MacOS.Scores	Virus.MacOS.Scores is a malicious program that infects Mac OS classic system files and applications, specifically Notepad and Scrapbook. After a number of infections, this virus will start infecting any application when it is opened. The infection causes the system slowdowns and crashes.
Virus.MacOS.Sevendust	Virus.MacOS.Sevendust is a self-replicating virus that infects classic Mac OS applications and system files. Some variant of this virus carries a non-destructive payload where it attempts to delete all non-executable application from the StartupItems during a specific time and day of the month. It appends MDEF resource to all infected application and INIT resource for the system files.
Virus.MacOS.T4	Virus.MacOS.T4 is a destructive virus that infects System 7 system files, applications and the Finder. The infection causes system slowdowns and crashes. After a certain number of infections, the payload will display this message "Application is infected with the T4 virus".
Virus.MacOS.Wdef	Virus.MacOS.Wdef is a self-replicating virus that infects desktop files used by the System 6 Finder. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow and consequently crash.
Virus.MacOS.Zuc	Virus.MacOS.Zuc is a self-replicating virus that infects application files in classic Mac OS. This virus carries an annoying payload where the cursor will display unusual behaviour after a certain period of time of infection.
Virus.OSX.Leap	Virus.OSX.Leap is an instant messaging worm which propagates via the iChat application, and also a destructive virus which tries to infect other binary files by overwriting their code. This malware was designed to work on Mac OS X running on PowerPC machines.
Worm.iPhoneOS.Ikee.b	Worm.iPhoneOS.Ikee.b is a worm that spreads through jailbroken iPhones by using the default SSH password. It steals sensitive information on the compromised device and has the capability to connect to a BotNet server.
Worm.MacOS.Autostart	Worm.MacOS.Autostart is a malicious worm that propagates by infecting the boot sector of removable volumes. Some variants of this worm drop a file named DB on the infected removable media and make a copy of themselves named Desktop Print Spooler in the Extentions folder, allowing it automatically run during system startup. This worm was designed to work on classic Mac OS (PowerPC).
Worm.OSX.Inqtana	Worm.OSX.Inqtana is a proof-of-concept worm that exploits a Mac OS X BlueTooth Directory Traversal Vulnerability.
Worm.OSX.Renepo	Worm.OSX.Renepo is also known as "Opener". This is a malicious bash shell script design to work on Mac OS X. This worm installs and copies itself to StartupItems. It then disables the built-in OSX firewall, prevents Apple updates and disables accounting applications. It can also turn on services and gathers detailed user information pasword hashes, user name from netinfo, keychain files and system configuration information. It also modifies limewire settings, deletes log files, creates an additional admin user, creates cron jobs and more. It also connects to the infernet to download hacktools such as John The Ripper and Dsniff. This worm propagates by dropping a copy of itself to shared folders.
Worm.OSX.Tored.a	Worm.OSX.Tored.a is a MAC OSX worm written in RealBasic which attempts to spread via email and network shares. It also opens a backdoor on the compromised computer.

Beware of Trojan Mac Defender – a Fake Virus Scanner

maclover — Sat, 21 May 2011 03:10:47 +0000

A new Trojan remover called "Mac Defender" has been causing lots of trouble to Mac users by requesting users to pay for found viruses on their Mac. The software is downloaded and installed on unprotected Mac using the "Open file after downloaded" feature of most web browsers. Even though admin password is requested to install the software, there are many users install accidentally.

Mac Defender runs as a viruses scanner on Mac to detect viruses, malwares and Trojan and it request users to input their credit card information to remove those threat.

Apple's reply make Mac users disappointed. Apple supporters answer that AppleCare didn't provide support in removing malicious software.

Mac Defender are being spread widely via many legit ads network and search engine results. Normal users should disable "open file after downloaded" feature of web browsers to avoid any threat. Otherwise, you can download famous antivirus from trustworthy vendor such as Kaspersky antivirus for Mac to protect your Mac.

Also, Mac users should enrich their knowledge of viruses.

VirusBarrier the first anti-virus for iPad

maclover — Mon, 25 Apr 2011 10:33:42 +0000

Intego recently announce the new version of VirusBarrier V6 which can scan viruses and malwares for the iPad. It is the first iPad antivirus.

In addition to iPad compatibility, VirusBarrier X6 adds the following features:

- A new option allows users to submit URLs that are flagged as web threats or phishing sites to Intego for analysis
- A contextual menu in the log allows users to add sites flagged as web threats or phishing sites to the Trusted Sites list
- A button in the web threat and phishing alerts allows users to add sites to the Trusted Sites list
- A button in the behavioral analysis alert allows users to trust an application
- An “Always require a password to access the interface” checkbox has been added to the advanced preferences.
- A new advanced scan option allows users to skip Boot Camp volumes during malware scans
- Minor bug corrections and performance enhancements

Other features of the VirusBarrier:

An innovative interface

VirusBarrier X6’s overview screen displays information about how the program is running and provides real-time feedback on its activities. It includes buttons and indicators that provide access to all of the program's main functions. Users can launch scans, monitor network throughput, and change settings for VirusBarrier X6’s many features.

The best program to stop Mac and Windows malware

VirusBarrier X6 is the best antivirus for Mac. With Intego’s Virus Monitoring Center keeping watch for Mac malware, users are protected from all known threats. When VirusBarrier X6 spots malware, the program blocks the infected files, and can repair or quarantine them so Mac users are safe.

A powerful personal firewall

VirusBarrier X6 is not limited to merely protecting Mac users from malware. Its powerful personal firewall, together with its Antivandal, provide thorough protection from all types of intrusions and web threats. VirusBarrier X6 stops hackers before they can infiltrate Macs.

Anti-spyware protection

Prevent software from connecting surreptitiously to remote servers, and stop applications from “phoning home”. Users can choose which applications they want to allow to connect to the Internet, and block all others to ensure their privacy.

Full suite of monitoring tools

VirusBarrier X6 has network traffic gauges, full logs of malware and network activity, tools to show which networks and services are active, and quick access to network query tools. VirusBarrier X6 provides administrators with the tools they need to monitor all network activity.

(Source: Intego)

Apple updates security on new Mac version

maclover — Wed, 16 Mar 2011 09:50:54 +0000

Mac OSX with the new update to version 10.6.4 has a built-in Mac malware protection in order to help Mac protect against backdoor trojan. The trojan is reported that can help hacker gain remote control over the devices with Mac OS. Apple doesn't mention about this in the changes log or release note but XProtect.plist, a rudimentary file which contains elements signatures, has been updated to detect HellRTS.

HellRTS is distributed by hackers under the cover of the iPhoto application. It is determined as OSX/Pinhead-B by a Sophos product. Mac devices which get affected by this malware get many information accessed by the hackers. They can send emails from your Mac, access system files and clipboard info and take screenshots.

This malware is dangerous due to it's origin and Mac users knowledge. instead of informing users about the threat, Apple chose to silently update their OS. And this will lead to many problem in the future when there are more viruses and malwares are developed to attack Mac.

As a Mac user, you should start to recognize possible threats and take the Mac security serious. The recent update of Apple can be called the first step but it can't replace an anti-virus' functions. Kaspersky for Mac is a good anti-virus you should consider installing on your Mac.

Does Mac get affected by keylogger viruses?

maclover — Tue, 15 Mar 2011 12:59:59 +0000

This is a question that most Mac users wonder when there are many pieces of news about the existence of Mac viruses. That's because keylogger causes more damage than other viruses and malwares. Of course, everyone knows it a "yes" now.

There are 3 possible cases where your Mac machine got affected by keylogger:

- One is that someone sits in front of your Mac and installs it. This is kind of impossible to happen unless you forgot your Mac somewhere else.
- One is via USB devices. This is one of the most dangerous sources even on Windows.
- Other possible exploit is external keyboard via bluetooth connection. hackers can use the connection to access your Mac and install the keylogger.

Kaspersky Antivirus for Mac

maclover — Tue, 15 Feb 2011 06:47:42 +0000

Unlike recent warnings from AV vendors, the Mac is surely an inherently safer platform than Windows - but very not even close becoming an impervious one. Some isolated signs and symptoms of trojans and worms within the last a couple of years is often a signal more dangerous malware is along the way. As today, Kaspersky Anti-Virus for Mac must provide some defense against known Mac threats, along with function as seek-and-destroy tool for that millions more Windows viruses inside field. Kaspersky Anti-Virus 2011 for Mac with features database which is updated constantly to help keep your Mac safe from Internet access without affecting your Mac's performance. Kaspersky Anti-Virus 2011 for Mac help you with prevent malware, to help you safely surf the net and using online banking security. With more than 30,000 Internet threats are discovered every day, your Mac - especially the precious data in it - maybe a virus attack after just one mouse click.

Kaspersky Anti-Virus is developed to protect computer users from several angles and from all kinds of Mac viruses and malware which are both traditional ones and advanced technology ones to continuously protect users from unknown threats. That's why Kaspersky is famous for its quick response to new malware and viruses. It happens because of constantly updated database. The threats are changed and upgraded everyday and Kaspersky adjusts to them quickly.

System Watcher, a great feature of the Kaspersky antivirus, monitors and tracks application's activities and performance in order to detect unnatural behaviors then stop the running process and inform users about the threats. Furthermore, System Watcher can recover system by rolling back to a certain point and remove created malware. The tool works in real-time to ensure your computer is protected as you browsing the web, download executable files, send mails, etc...

One who is not familiar with software installation can be at ease. The software is under box copy format so one can download the package, install immediately and use it right aft that without restarting your computer. The interface is designed to be simple to use for both a beginners and an expert. The GUI features color-coded icons so you always quickly realize your computer's security state.

Even though the interface is simple to use but it is very customizable. Users have total control over every component of the tool. You can adjust security level, enable or disable a specific feature and even change tool's layout. The Kaspersky URL Advisor which is available for both IE and FireFox is a must-have feature for one who is working online or surfs the web frequently.

There are many more features you can benefit from the software and to be fully protected from the threats.

download the software from it's official website

Why Mac Viruses and Malware are rare?

maclover — Mon, 24 Jan 2011 16:37:00 +0000

Most Mac users tend to believe their computers are proof against major security threats, particularly malware like viruses, worms, and trojan horses. Freedom in the many malware on infected websites which could turn most Windows PCs into botnet zombies is, the truth is, commonly a feature for consumers and also small enterprises. Even though this sense of invulnerability is pretty common, it is not exactly accurate. There is a fact like that because it is hard find some viruses and malware on Mac machines.

Why is that?

Creating Mac malware is more expensive since it is harder to publish (fewer weaknesses to), harder to help keep working (exploits are patched).

With all the relieve Mac OS X - the latest version with the os which could imply that high of the existing malware would not competent at running.

Also, compare to Windows users, Mac ones belong to small portion. Therefore money made from Mac malware is lesser. Think people would still target Windows simply because it turned out easier, regardless of whether which was only 5% from the world's computers? However, it is believed virus authors would squeeze effort straight into create a Mac virus since that will then open 95% with the world's computers for many years.

It is not really untrue about the fact that Mac OS is much more difficult to exploit. But it is not immune.

Do Mac malware or virus exist?

maclover — Mon, 24 Jan 2011 16:07:22 +0000

Max OS X have been available since 2001. Does malware actually exist in a Mac system? The answer is none? Max OS X is dependant on Unix, that was meant to be secure with a network which is and Windows wasn't built to be secure on the network, also it isn't, inspite of the patches weekly. So don't compare Windows to Mac.

The Mac virus timeline starts in 1982 whenever a 15 yr old were able to write the Elk Cloner virus, which affected Apple II computers of their boot sectors. Subsequently, a Mac virus, called nVIR, was spread by inserting infected floppy disks. Later, many variants came around for the reason that source code towards the virus was developed public. Then this HyperCard virus started infecting the Apple Mac OS 9, where one version with the virus was developed to promote Dukakis for President then self-destruct just after deployment. Panicked warnings about a inevitable flood of Mac malware happen to be regularly sounded since that time, but dramatic advances in Mac business have not really ended in similar rise in malware threats in accordance with those found on the Windows platform. As a consequence of that, there are not many people worry about Mac security.

There are cases of Mac malware that through which viewers are promised pornographic photos should they install an ActiveX component. The truth is, the viewers are rewarded having a Trojan horse and still have given over charge of their computer to hacker. There's also a proven fact that ESET's labs has collected a lot of Mac malware. That is not breathtaking when compared to the hundreds and hundreds of binaries targeting Windows we see daily, however it is certainly real and increasing.

Overall you'll find Mac malware/viruses, but there still isn't one which quickly spreads without user intervention or there is certainly one famous enough to strike the Mac world. However it is not too far gone to impove your Mac's virus defender.