Is it a Song? No, it's a Mac OS X Virus!

    Techtree News Staff, Nov 07, 2006 1722 hrs IST

Late last week, Symantec discovered a proof-of-concept Mac OS X virus, dubbing it "Macarena", and claiming it posed a very low level of risk. The company did, however, mention that certain comments within the code indicate that the author had a really hard time creating it.

"Macarena" was described by Symantec as "a proof-of-concept virus that infects files in the current folder on the compromised computer."

A Senior Security Response Engineer at Symantec, Peter Ferrie, explained on his blog that there is no payload in 'Macarena' and that it simply replicates. Ferrie observed the virus will not replicate very well because it is restricted only to the current directory.

Ferrie cited the '2006 Virus Bulletin Conference,' saying the bulletin contained suggestions about possible infection methods, and that it was obvious that the creator of Macarena had ignored all such suggestions, and gone ahead and placed the code in a rather unexpected region of memory.

Symantec said it has identified only 50 instances of systems being infected by "Macarena," which, according to the company, has a very poor replication mechanism, and is unlikely to cause problems for the majority of Mac users.

Going by the latest reports, Paul Ducklin, Head of Technology for Sophos Asia Pacific, has said that though "Macarena" is 'not important or significant,' he is concerned that the virus author distributed the source code.

Ducklin too has pointed out the virus creator's frustration in writing the code, hugely evident from comments like "so many problems for so little code".

Saying that the virus does not have any of the characteristics of a modern, effective or dangerous Windows worm or Trojan, and that it is only a 'simple appending parasitic infector', Ducklin has stressed that "Macarena" is essentially Intel-specific, meaning it will affect only Intel-based Macs.

Meanwhile, all this just might prove what's been said all along: that virus writers are not able to write Mac viruses as fluently and proficiently as they are Windows viruses...



Discussion Board
(4) Comments
mike, bethlehem, on Nov 14, 2006 02:59 AM
The quote from Sophos falsely implies that Intel processors make Macs more vulnerable, when in fact the opposite is true. The fact that Sophos would stress this point to a computer-illiterate public highlights their dishonesty. The facts are clear: Viruses are specific software that attack other specific software -- not hardware! In fact, if anything, newer Intel chips are supposed to make all computers more secure by restricting certain types of malicious code from executing -- and Macs don't even need this yet!
Jimbo v .Winski, Denver, on Nov 09, 2006 02:24 AM
The 50 count in your story is incorrect. They have it listed as 0-49. Upon further questioning, Symantec stated that no occurrences have been found in the wild, putting this square at 0 occurrences in the 0-49 range. Further, you actually have to put this "virus" on your computer and run it so that it infects the files in that directory. This means that there is no mechanism to infect. This would be akin to writing a macro in Windows that says DELETE *.*, then running it. It's not a virus, guys.
DWalla, Provo, on Nov 07, 2006 08:39 PM
FUD... this virus can't even replicate because of the OS X file structure. I'll bet the 50 'infected' Macs were all in the Symantec laboratories.
Swordmaker, Stockton, CA, on Nov 07, 2006 11:11 PM
Actually, there are not "50" infected Macs... the Symantec report used a generic set of "Zero to 49" systems affected. Note that set includes "ZERO" which due to the extreme difficulty of getting infected with the Macarena, I suspect is the actual number of infected computers.
