If you got to this page looking for the Mac Virus page at macvirus.com, welcome! This is the home of what may eventually be a major Macintosh security resource, including some of the material that was formerly available at Mac Virus. Unfortunately, negotiations with the organization that was to have sponsored it stalled, but if there's enough interest it will happen eventually.
In the meantime, if you got here at around the time of this page update, you may well be concerned about the OSX.RSPlug.A (or OSX/Puper) Trojan that's been attracting so much attention. I've blogged on that at the Securiteam site - see http://blogs.securiteam.com/index.php/archives/1029 - but here are a few other links you may find useful or interesting.
http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
http://vil.nai.com/vil/content/v_143511.htm
http://www.sophos.com/security/analyses/osxrspluga.html
http://www.avertlabs.com/research/blog/
http://www.avertlabs.com/research/blog/index.php/2007/10/31/crimeware-comes-to-os-x/
http://isc.sans.org/diary.html?storyid=3595
http://sunbeltblog.blogspot.com/
http://www.us-cert.gov/current/#mac_dns_changer_trojan
http://www.sophos.com/pressoffice/news/articles/2007/11/mac-osx-trojan.html
http://www.bleedingthreats.net/index.php/2007/11/01/sig-for-the-new-mac-trojan/
As ever, I'm happy to try to answer queries on this, or refer them to someone better equipped: also, I'm particularly interested in tracking the real impact of this type of threat, and reports of compromised machines will be forwarded to groups and individuals who can use them to reduce the damage they cause.
And now, we return you to your normal programming...
The Mac security landscape has changed a lot since Mac Virus was last updated. Classic Mac viruses are rarely reported now, and OS X malware is still something of a novelty. This page will, therefore, be more of a general Mac security resource, but will still make good use of my alleged specialist expertise in Mac malware where appropriate.
In the meantime, I'm working on updating Mac Virus material to reflect the 2007 threatscape, and new material will start to appear here in due course. If you have questions, comments or ideas, please contact me at info@smallblue-greenworld.co.uk, and I’ll help if I can. However, I can’t guarantee an instant response: I’m now working freelance, and can’t afford to prioritize pro bono consultancy over paid work!
MacVirus Links
This site has no connection with http://www.macvirus.net or http://www.macvirus.org (it's OK guys, we don't mind this mild case of identity theft). However, there are some useful links there, including one to the “parent” site http://www.securemac.com/. Some of the virus information on these sites seems to be reasonably sound, though sketchy and out-of-date. Some of the links, though, are to pages dealing with anti-virus packages that either don't exist any more or are so cobwebby that they really shouldn't be recommended. However, I will be attempting to establish amicable relationships with other Mac security resources as this one develops. I’ll be putting up some more Mac links shortly, and will maybe include some reviews. In the meantime:
http://www.apple.com/support/security/
http://homepage.mac.com/macbuddy/SecurityGuide.html
http://www.sophos.com/
http://www.mcafee.com/
http://www.symantec.com/
http://www.virusbarrier.com/
MacVirus Archives
The archive version of the original Mac Virus is not currently available here or at ICSAlabs, but will be restored here in due course, though it's of more historical interest than contemporary relevance. Version 2 of the “Viruses and the Macintosh” FAQ will not be put up here until I’ve finished revising it, which may take a while.
Recent Mac Virus Paper
Traditionally, the response to any mention of viruses in the Mac community is along the lines of “There aren’t any Mac viruses, it’s all vendor hype.” I’ll come back to that issue in due course. For now, I’ll just remark that Marius van Oers presented an interesting paper on “Macintosh OSX binary malware” at the 2006 Virus Bulletin Conference: as far as I remember, this was the first Mac-related paper to be presented there since I presented one in 1997 to half a dozen delegates, a dog and the hotel detective. (It was my first conference presentation, and I still break into a sweat remembering it…) For more info on the VB conference, check out http://www.virusbtn.com/conference/index.
Mac Viruses in Security Books
Peter Szor’s excellent “The Art of Computer Virus Research and Defense” includes a little Mac virus information, as does Rob Slade’s out-of-print “Guide to Computer Viruses”. Roger Grimes’ “Malicious Mobile Code” makes only fleeting allusions, but it is sub-subtitled “Virus Protection for Windows”. “Viruses Revealed” by myself, Rob Slade and Urs Gattiker, includes quite a lot of Mac info, but it’s far from up-to-date. However, the rights to the book have reverted to the authors, and we’re considering an updated edition. My chapter on viruses in “Maximum Security” includes some Mac virus info, as does Nicholas Raba’s Macintosh chapter. The 4th Edition of the “Computer Security Handbook” includes a handful of very generalized observations. The AVIEN book discussed elsewhere on this site includes a little cross-platform information.
I will be implementing a wider-ranging review of Mac resources in due course.