If you got to this page looking for the Mac Virus page at macvirus.com, welcome! This is the home of what may eventually be a major Macintosh security resource, including some of the historical material that was formerly available at Mac Virus. Unfortunately, negotiations with the organization that was to have sponsored it stalled, but if there's enough interest it will happen eventually. In the meantime, the page is being maintained pro bono as time allows.

If you're looking for macvirus.org or macvirus.net, those sites are currently experiencing some problems you may want to be aware of. Hopefully, these problems are temporary, but so far they seem to have been addressed by effectively cutting off all useful access to them.

The Mac malware business is heating up right now: several anti-malware vendors are in the process of launching Mac-specific scanners, and some who already have products in that space are emphasising that there's more Mac malware about than there used to be. And there is. Not just the OSX/RSPlug (or OSX/Puper, or OSX/DNSchanger) Trojan that came to prominence last year (see below), though that remains a significant worry. (It's still claiming victims, though hardly epidemic, and variants are still appearing regularly, indicating that the bad guys still think it's worth dedicating time and resources to Mac development. It's also a worry that, according to F-Secure, Apple support are still unaware that any malware exists that targets OS X.) We're also seeing other forms of blackhat interest, such as rogue antispyware products that only detect imaginary malware, various flavours of malicious/semi-malicious software ported across platforms (Linux, FreeBSD, OS X), and so on. I recently wrote a couple of chapters on these issues for a Syngress book called OS X Exploits and Defense, and one of these days I'll find time to read the chapters I didn't write.
While the antivirus company for whom I'm currently doing contract work doesn't currently have a Mac product, I continue to keep a close eye on these developments, and some of those observations will find their way onto this page. In the last quarter of 2007, a Trojan called OSX.RSPlug.A (or OSX/Puper) attracted a great deal of attention. I blogged on that at the Securiteam site - see http://blogs.securiteam.com/index.php/archives/1029. I'm not currently blogging on that site, however: in fact, most of my blogging activity now takes place on the ESET site at http://www.eset.com, and the (ISC)2 site here. As ever, I'm happy to try to answer queries on this, or refer them to someone better equipped: also, I'm particularly interested in tracking the real impact of this type of threat, and reports of compromised machines will be forwarded to groups and individuals who can use them to reduce the damage they cause.

MacVirus Links

This site has no connection with http://www.macvirus.net or http://www.macvirus.org (actually the same site, which is in turn associated with http://www.securemac.com/ and the antispyware package MacScan). Of course, the original Mac Virus site (this one!) hasn't been maintained regularly over recent years either. Recently, though, I've become concerned that these other sites, which may be seen as authoritative, are actually seriously under-maintained. Some of the virus information on these sites seems to be reasonably sound, though sketchy and out-of-date, and some of the information is completely wrong (AutoStart did not appear in 1985!). Some of the links are to pages dealing with anti-virus packages that either don't exist any more or are so cobwebby that they really shouldn't be recommended. Even worse, the forum at macvirus.org has been flooded with spam linking to sites that have been serving the DNSchanger Trojan, and the messages were not removed for some time, despite publicity in The Register and elsewhere.
I have attempted to contact the maintainers of the site, and while I never got a direct response, they did eventually make the forum - and everything else on that site - unavailable. I have no idea whether they intend to restore any functionality to the sites. (The SecureMac site is still being maintained from time to time, as, apparently, is the MacScan product.) In the meantime, I have to recommend that, if they ever become functional again, you treat macvirus.org and macvirus.net with extreme caution, and do not regard information given there as authoritative. I'll put up more information here as the situation develops. However, I still hope to establish amicable relationships with other Mac security resources as this one develops. I'll be putting up some more Mac links in due course, and will maybe include some reviews. In the meantime, here are a couple of links you may find useful:

http://www.apple.com/support/security/
http://homepage.mac.com/macbuddy/SecurityGuide.html
http://www.sophos.com/
http://www.mcafee.com/
http://www.symantec.com/
http://www.virusbarrier.com/

MacVirus Archives

The archive version of the original Mac Virus is not currently available here or at ICSAlabs, but will be restored here in due course, though it's of more historical interest than contemporary relevance. Version 2 of the "Viruses and the Macintosh" FAQ will not be put up here until I've finished revising it, which may take a while... The Mac security landscape has changed a lot since Mac Virus was last updated. Classic Mac viruses are rarely reported now, and OS X malware is still something of a novelty. This page will, therefore, be more of a general Mac security resource, but will still make good use of my alleged specialist expertise in Mac malware where appropriate. In the meantime, I'm working on updating Mac Virus material to reflect the 2007 threatscape, and new material will start to appear here in due course.
In the meantime, if you have questions, comments or ideas, please contact me at info@smallblue-greenworld.co.uk, and I'll help if I can.

Recent Mac Virus Paper

Traditionally, the response to any mention of viruses in the Mac community is along the lines of "There aren't any Mac viruses, it's all vendor hype." I'll come back to that issue in due course. For now, I'll just remark that Marius van Oers presented an interesting paper on "Macintosh OSX binary malware" at the 2006 Virus Bulletin Conference: as far as I remember, this was the first Mac-related paper to be presented there since I presented one in 1997 to half a dozen delegates, a dog and the hotel detective. (It was my first conference presentation, and I still break into a sweat remembering it...) For more info on the VB conference, check out http://www.virusbtn.com/conference/index.

Mac Viruses in Security Books

Peter Szor's excellent "The Art of Computer Virus Research and Defense" includes a little Mac virus information, as does Rob Slade's out-of-print "Guide to Computer Viruses". Roger Grimes' "Malicious Mobile Code" makes only fleeting allusions, but it is sub-subtitled "Virus Protection for Windows". "Viruses Revealed" by myself, Rob Slade and Urs Gattiker includes quite a lot of Mac info, but it's far from up-to-date. However, the rights to the book have reverted to the authors, and we're considering an updated edition. My chapter on viruses in "Maximum Security" includes some Mac virus info, as does Nicholas Raba's Macintosh chapter. The 4th Edition of the "Computer Security Handbook" includes a handful of very generalized observations. The AVIEN book discussed elsewhere on this site includes a little cross-platform information. "OS X Exploits & Defense" (Syngress - see above) has a couple of chapters by myself on Macs.