Symantec details ‘Macarena’ Mac OS X ‘proof-of-concept virus’

Symantec’s “Security Response” website lists “OSX.Macarena” as “a proof of concept virus that infects files in the current folder on the compromised computer.”

“Symantec has been predicting for quite a while now that virus authors would increasingly dedicate their attention to the Mac platform and that Macs were becoming a tempting target for hackers. However, a newly discovered Mac OSX virus is hardly the firewall breach that the antivirus software makers have been prophesying,” heise Security reports.

“The distribution of the 528 Byte bug is low; while Symantec does not provide an estimate, somewhere between zero and 49 infections are believed to have been reported. It is also unclear where it came from.”

Full article here.

Symantec’s “Threat Assessment” as follows:

• Wild Level: Low
• Number of Infections: 0 – 49
• Number of Sites: 0 – 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy
• Damage Level: Low
• Modifies Files: Appends itself to files in the current directory on the compromised computer.
• Distribution Level: Low

Symantec’s website states, “When OSX.Macarena is executed, it performs the following actions: Infects other files when they are executed in the current directory, regardless of file name or extension.”

Full article here.

Swa Frantzen writes for The SANS Institute’s Internet Storm Center, “There is again a Proof of Concept Virus for Mac OS X. To be honest the virus is no big deal in itself. But it is yet another warning for a lot of parties involved.”

Full article here.

“Symantec has updated its definition files to remove the virus and repair the files, although it’s unlikely even one Mac OS X system has been affected as of yet,” Nate Mook reports for BetaNews.

“Although such proof-of-concept viruses have appeared in the past, Macs have been spared from actual real world attacks,” Mook writes.

Full article here.

MacDailyNews Note: Symantec’s information is sketchy at best and we’ve been down this road with them before (please see related articles below). We’ll have more info if and when it becomes available. In the meantime, enjoy Los Del Rio’s Macarena via Apple’s iTunes Store.

Related articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Symantec warns of new proof-of-concept ‘trojan horse’ for Mac OS X 10.4.6 – June 30, 2006
Mafiasoft launches Windows protection racket – May 31, 2006
Symantec CEO: We think more people ought to buy Apple Macs – May 15, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005

69 Comments

  1. I read through all the articles linked to from the MDN article, and also looked for articles linked to from those stories. No one mentions the delivery method of this virus. Just like any other virus, if you have no way of infecting my machine then I have nothing to fear. Am I supposed to download it? Will someone send it to me as an email attachment? Perhaps I’ll click on a link and it’ll download and begin running? I’m not impressed until you can prove that you can actually get this on someone’s machine without them doing it on purpose.

  2. No virus, worm or whatever can infect your computer unless the administrator lets them in. Unlike Windows, the MacOS does not give administrator access to the user.

    The user and the administrator can be the same person, but the OS does not know that, nor does it care. This is why separate passwords are strongly suggested for those that have multiple user accounts on a single computer. Only one of those owners will have administrator access, which is protected by password.
