Symantec details ‘Macarena’ Mac OS X ‘proof-of-concept virus’

Symantec’s “Security Response” website lists “OSX.Macarena” as “a proof of concept virus that infects files in the current folder on the compromised computer.”

“Symantec has been predicting for quite a while now that virus authors would increasingly dedicate their attention to the Mac platform and that Macs were becoming a tempting target for hackers. However, a newly discovered Mac OSX virus is hardly the firewall breach that the antivirus software makers have been prophesising,” heise Security reports.

“The distribution of the 528 Byte bug is low; while Symantec does not provide an estimate, somewhere between zero and 49 infections are believed to have been reported. It is also unclear where it came from.”

Full article here.

Symantec’s “Threat Assessment” as follows:

• Wild Level: Low
• Number of Infections: 0 – 49
• Number of Sites: 0 – 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy
• Damage Level: Low
• Modifies Files: Appends itself to files in the current directory on the compromised computer.
• Distribution Level: Low

Symantec’s website states, “When OSX.Macarena is executed, it performs the following actions: Infects other files when they are executed in the current directory, regardless of file name or extension.”

Full article here.

Swa Frantzen writes for The SANS Institute’s Internet Storm Center, “There is again a Proof of Concept Virus for Mac OS X. To be honest the virus is no big deal in itself. But it is yet another warning for a lot of parties involved.”

Full article here.

“Symantec has updated its definition files to remove the virus and repair the files, although it’s unlikely even one Mac OS X system has been affected as of yet,” Nate Mook reports for BetaNews.

“Although such proof-of-concept viruses have appeared in the past, Macs have been spared from actual real world attacks,” Mook writes.

Full article here.

MacDailyNews Note: Symantec’s information is sketchy at best and we’ve been down this road with them before (please see related articles below). We’ll have more info if and when it becomes available. In the meantime, enjoy Los Del Rio’s Macarena via Apple’s iTunes Store.

Related articles:
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Symantec warns of new proof-of-concept ‘trojan horse’ for Mac OS X 10.4.6 – June 30, 2006
Mafiasoft launches Windows protection racket – May 31, 2006
Symantec CEO: We think more people ought to buy Apple Macs – May 15, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005

69 Comments

  1. I read through all the articles linked to from the MDN article, and also looked for articles linked to from those stories. No one mentions the delivery method of this virus. Just like any other virus, if you have no way of infecting my machine then I have nothing to fear. Am I supposed to download it? Will someone send it to me as an email attachment? Perhaps I’ll click on a link and it’ll download and begin running? I’m not impressed until you can prove that you can actually get this on someone’s machine without them doing it on purpose.

  2. No virus, worm or whatever can infect your computer unless the administrator lets them in. Unlike Windows, the MacOS does not give administrator access to the user.

    The user and the administrator can be the same person, but the OS does not know that, nor does it care. This is why separate passwords are strongly suggested for those that have multiple user accounts on a single computer. Only one of those owners will have administrator access, which is protected by password.

  3. Hmmmm, Yea, I agree but,
    Now just watch every other pain in the –butt writer go crazy showing how there has been a 10000 % increase in Mac viruses. Er. 0 to almost 1. LOL :-0

    I guess I had better run right out and buy all the anti-virus software I can find. See Macs are only 1,234,567 viruses behind Microsoft. So we had better watch out.

    Have a good and virus free (the cold kind) weekend.
    N.

  4. The smell of fear is odious.

    Heard on floor four, “Macs are starting to sell. We need a plan.” They sat around the conference table, heads hanging.

    A bubbly young intern popped her luscious head in the door. “Hey guys, Benjamin just got that Mac virus working.” Everyone stood, the mood lifting. An anonymous voice asked, “Can it be ready for the holiday season?”

    FUD central.

  5. Read the link on their website. It provides absolutely NO helpful details at all. A fifth-grader could write something more helpful. Does it require admin authentication? Is it self-replicating and self-propagating? Symantec calls themselves a security company?!?!?

  6. If it has to execute, doesn’t the user have to be involved in the process? Doesn’t Mac OS X still give that warning about [app name] is about to run for the first time? I could probably write an Applescript app that, when launched and OK’d by the user, does something to the other files in the same directory.

    The true nature of a computer virus is that it runs without the user knowing it’s there. Also, a truly threatening Mac OS X virus would have to launch and affect system (root level) files.

  7. The tech dept. at my work installed Symantec Anti-Virus for Mac on all the Macs here. Anyway, one of my buddies showed me a widget that tells you how much of your resources each program eats up. Symantec was using something around the 62% mark! I think the virus would eat up less, IF it’s actually genuine.

  8. Kinda reminds you of those DAILY terrorist threats we sent out from 2001 until after election results in 2004 — and then, NADA! Zip! Gone! Geezus, we’re genius.

    BTW, gas prices will skyrocket after Nov. 7 no matter the results. Cuz I said so.
