‘Macarena’ code shows author’s frustration at trying to make effective Mac OS X virus

“The proof of concept Mac OS X virus, which was discovered late last week and dubbed Macarena, includes comments in the code that indicate the author had a difficult time creating the malware,” Munir Kotadia reports for ZDNet Australia.

“Paul Ducklin, head of technology for Sophos Asia Pacific, said that the virus was ‘not important or significant’ …in the source code, Ducklin said the author had expressed what appears to be frustration at trying to make the virus effective on Apple’s platform,” Kotadia reports. “‘In the source code, which is a mish-mash of stuff, there is a comment where the author says ‘so many problems for so little code’,’ he said. ‘So it does look as though virus writers, fortunately, still have a way to go before they are able to write Mac viruses with the proficiency and fluidity that they can for Windows.’”

“‘It doesn’t have any of the characteristics of a modern effective or dangerous Windows worm or Trojan, it is a simple appending parasitic infector,’ Ducklin [said].”

Full article here.

MacDailyNews Note: As the full article also states, in so many words, the usual good advice: Regardless of platform, do not download, authorize, install and run applications from untrusted sources. As always, the most effective antivirus software in the world is Mac OS X in the hands of users who possess at least a smidgen of common sense.


34 Comments

  1. It should be classified as “harmless proof-of-concept malware.”

    “Macarena” is a nice little example of how really difficult it is to create real Mac OS X malware that does anything harmful.

    Apple has done exceedingly excellent work with Mac OS X.

  2. “Macarena” is “proof-of-concept.” Meaning, it’s virtually meaningless to computer security people and totally meaningless to actual Mac OS X users.

    In reality, “Macarena” is another example of FUD marketing. Its purpose is to try to sell AV software products to people who do not need such products.

    Symantec and all the rest of the Windows AV software makers are being pushed out of the Windows market by Microsoft. They need new sources of revenue. They want uneducated Mac OS X users to be afraid and buy their junk. They are up the creek without a paddle.

  3. You can’t really read anything into the comments he inserted into the code – the guy may not be very good at what he was trying to do and a better writer may have struggled a lot less so the virus writing problems are relative. In other words, don’t take too much comfort because the guy may be a crap programmer so let’s all just follow the good advice and stay on the vigilant side.

  4. Wow, 1 virus and it’s time to jump ship.

    There is one thing to always remember about viruses. You only need Anti-Virus software if the virus is too malicious to remove yourself. Just think of all the people whose computers are crippled and they still use it. Even if my Mac gets infected, not until it actually inhibits me in some form or another will I consider any such software.

    Another point of reason, if you can honestly justify an $80+ expense because you can’t figure out how to restore or reinstall a system then by all means, go for it. The virus may be real, but will it bring my operations to a grinding halt? Not bloody likely.

  5. Paul Ducklin seems to have misread the virus writer’s comment. If I heard this spoken by a Russian who speaks bad English, I’d read it that what he was saying was:

    ‘So much damage created with such a small amount of code’

    and NOT

    ‘so difficult to write a damaging virus in a small amount of code’.

    The fact that it doesn’t propagate to other directories is probably more of a limitation in the code, and not a restriction in the OS. How much effort would it be to make that change?

  6. OK, maybe we’ll have a couple of weeks before the FUD starts again. In the meantime, I’ll mention a comment made in response to another topic here a couple of days ago.

    I realize that these days most of the big time, particularly non-US, virus writers are in it for the money scams, and Doze is where the money is (not to mention the poor security), but that individual said that the first person to write a true OS X virus would be a “legend”. In spite of the fame that would come from writing the first true OS X virus, five years after the release of OS X it hasn’t happened.

    There’s no doubt to me that anyone who doubts OS X’s security is obviously not paying attention, or has an anti-Apple agenda.

  7. Nothing has changed. No one outside of an anti-virus company lab has ever had a Mac, running OS X, infected by a piece of malware.

    Anyone can damage files on their own Mac. You don’t need an engineering degree to do that.

    Nothing to see here. Move on.
