Do i have spyware on my macbook?
 

I recently moved over to mac this month and I was under the misconception that you couldn't get spyware on a mac!. while viewing my favourite blog on blogger.com using firefox I noticed hidden sex adds in the text field and an in the contents section. also when browsing using bloggers search I was re-directed to blog sites
that where basically sex related!. I tried using safari but the same thing happened again!..incidentely I have installed no scrip to firefox and that has stopped the problem in firefox but I am confused to why this has happened in the first place,also do I have anything to worry about regarding spyware on my mac?

No. Or unlikely in the extreme.

The web site you went to must contain redirects to porn sited and/or has been hacked.

There is still as of yet no known MacOS X spyware or self-installing malware of any sort. The likelihood of you being the first victim of the first such exploit is vanishingly slim.

The "mac" as you say is impervious to all spyware attacks lol. You have nothing to worry about except the www.sites that you visit. No browser will protect you from the scummy places on the net. You have to do that yourself. I quess it depends on what you are worried about exactly.

What on Earth gave you this idea?

There is currently no spyware that has been widely released into the wild that runs on a computer running OS X (using the generally accepted definition of spyware as something that monitors your behavior and collects information about you) . There is a single Trojan Horse that has been released into the wild that may be what you are seeing, though.

I am definitely not saying that you can't get spyware on the Mac. There are no magic elves protecting OS X (or any other operating system for that matter), and if someone writes spyware for OS X and releases it into the wild, then there will be spyware on the Mac.

But that has not yet happened.

It sounds like either you have the one in-the-wild OS X Trojan Horse on your computer (see below), or else there is something malicious being served, possibly via java, javascript, or Flash, from blogger.com. If you rule out the Trojan, then you should inform blogger.com that they have a problem. The reason I suspect java, javascript, or Flash is that you mention NoScript, which blocks those things except from specific websites.

Can you post a link to the blog that you were looking at so that we can verify whether there is an issue at blogger.com or if it is just on your computer?

There is one Trojan Horse that is served from some porn sites that runs on OS X and is in the wild. Here is the story at MacNN: http://www.macnn.com/articles/07/10/....targets.macs/

An exerpt from the article:
If you have the Trojan installed, that would also explain what you are seeing. If that is the case, clean up your computer by booting to your OS X Install disc, then doing an "Archive and Install", leaving the box checked to preserve your users and settings.

Trevor

This this this. Do this. If we don't see anything, you know it's somehow on your end. If we do, then we get free porn. :D

Thank you all so far for your welcome advice, Trevor here is the link to the blog page that I was referring to http://tinyurl.com/2x5k4m thanks again!

Do you ever remember installing ANY movie codecs to watch videos recently?
Any Firefox plugins/extensions installed?

And TinyURL isn't a good for a few reasons:
Obfuscates (hides) the actual URL, which may or may not be a 'safe' link.
If TinyURL ever goes down, the link wouldn't work at all.

This forum already makes long links shorter automatically, like this:
http://3.141592653589793238462643383...om/index1.html

timslim, I don't see sex advertisements in the text links, but the blog contents themselves seem a bit risque'. I'm not sure if this is a difference of interpretation, or if you're seeing something different than I am.

It's certainly possible that you've got the one Mac Trojan Horse infecting your computer, if you're seeing sex ads there.

Trevor

The easiest way to tell if you’ve been infected is to go to the top-level /Library -> Internet Plug-Ins folder, and look for a file named plugins.settings. If you find one there, chances are, you’re infected. However, since the names used by the malware authors may change, it’s best to check a couple of other spots as well.

From Macworld.com

Trevor with the no script turned on I cant see the ads but turned off there are black label ads when you move your cursor over the underline text in the blog posts and there is an add in the far right.plus I clicked the place you add here link and I was directed to an add site which it seems that the blogger maybe using to place ads on his site. I have contacted the blogger and hopefully he will get back to me. I do not remember ever installing any codec so i do not think i have a trojan horse!? This problem only happens on blogger so if I did have an infection wouldn't it happen else where also?

Ohh, maybe you are talking about those annoying contextual ads that popup automatically when you mouse-over text, such as in this page: http://news.softpedia.com/news/039-W...ut-72868.shtml

Also, does it happen in another browser, such as Safari?

3D - I hate those things. If you use firefox, you can run a greasemonkey script that'll kill those things... very worth it for me.

...Hate. Those. Things!!!

That script:

http://userscripts.org/scripts/show/3637

For other browsers, it looks like some people have custom CSS and hosts file solutions:

http://www.macworld.com/forums/ubbth...38&Main=479886
http://forum.avantbrowser.com/viewtopic.php?t=5782

IntelliTXT ads are awful.

Lets not too hastily jump the gun here on this one. Lets not forget MOAB or the hacker that won the 10k dollar prize for exploiting a mac using java scripting in safari (applied to all webkit browsers). Even though the latter example is not Apple's fault, it was Sun's for their sloppy java coding.

However, if the Mac were to be targeted I can think of tons of ways to easily fool users into installing spyware/malware on their systems. By design OS X is more secure because of the Unix under the hood, and how it requires authentication to install software that needs to modify the system in any way.

Now, what is to stop someone from writing a malicious program and disguising it as something else that any normal Mac user would not think twice about it? Like a stuff-it expander update, or a parallels desktop update, or an adobe update, so on and so on. These types of attacks, there is no defense against, other than relying on the user to be smart enough to actually tell its not really an update you want.

Every browser still takes cookies, and those can be malicious, but for the most part harmless. The reason windows gets so much is because it has the market share so it is targeted. To add to the fire, windows lacks certain standard security features in its OS model, and allows applications access to its kernel hooks. Plus that little thing called active X makes IE one of the most exploited browsers period.

I am very certain Apple will gain market share in the near future. We just deployed like a 100% apple network at my job, and its growing and growing. I am also certain once it gains that market share and you start seeing over 15% of the market become macs, I am sure they will too start being targeted.

OS X is not bullet proof.

I think that Macs have been targeted, just not successfully. There are maybe a thousand iPods out there with Linux installed on them. They have no direct access to the web, and yet there is malware for them. It isn't market share. It's the degree of difficulty. Nothing is, was, nor ever will be 100% secure, but so what?

Eventually, there will be a successful Mac virus, and the OP here could actually have the trojan, but neither case changes the Mac's level of security. When a virus is developed, the hole it uses will be closed soon after, and Macs will continue on. Eventually, even Windows (maybe Vista Service Pack 4?) will be secure enough that it will only be possible to break in with a trojan. It's true that no system will ever be 100% secure, but it's also true that every system has a finite number of flaws.

This was not Sun's "sloppy Java code"; it was absolutely Apple's fault. The actual vulnerability was a flaw in QuickTime for Java's toQTPointer() function that failed to sanity-check arguments passed into it. Properly malformed input would result in the ability to execute arbitrary code.

http://secunia.com/advisories/25011/

The only reason turning off Java stopped the exploit was because the attacker would use a malicious Java applet to execute the flawed QuickTime code.

Awww, ok thanks for clearing that up, I must have read the wrong article to begin with. The one I read they were trying to pawn it off on Java.

Can you post some evidence of there only being 1 thousand ipods with Linux on them, and how they have malware?

Well, I don't think anyone knows exactly how many there are, but it isn't a large number. The last estimate I saw was well below 1000. In any case, it is certainly a very small percentage of the 110+ million iPods sold. Given the fact (most iPod owners aren't even aware of Linux on iPod) that the number of iPods with Linux on them is dwarfed by the number that don't have it, one would expect that proof of concept malware would appear on the iPod sans Linux long before one for Linux on iPod if there was anything to the market share myth.

Yeah, well MOAB is a huge proof of concept, just like the whole crazy bluetooth self propagating virus was proof of concept.

All that means is that someone found a loop hole or bug, and proved that it could be exploited. There are proofs of concepts for every platform and every OS. The Linux iPods are not targeted by any means.

In that case, the user had to physically save the virus on to their ipod. It can't self propagate. That hardly constitutes as a real world threat.

But everything can be exploited! That's not the point. I'm just saying that with very few users compared to the standard iPod OS, the market share myth falls apart when you see that people actually took the time to prove that Linux on iPod could be exploited.

The market share myth says that the Mac isn't targeted because there are so few relative to Windows, but if we accept 98% market share for Windows and 2% for Mac, there is one Mac for every 49 Windows boxes. And for Linux on iPod vs iPod? What's the ratio? I'm guessing it's 1 Linux iPod to nearly a half million iPods.

It's impossible for the market share myth to hold for Macs and not for iPods. If Linux on iPod has been targeted, then the Mac OS (not to mention the standard iPod OS) must have been much more heavily targeted, or the market share myth has no basis in reality. But if the Mac OS has been targeted, where are the legions of viruses? There would have to be many, but there aren't. I'm saying that is a result of a high degree of difficulty. Not in writing malware. Anyone can do that. The problem is getting your code to 1) run with the right permissions and 2) propagate. That's two things that give more protection to the Mac than market share ever could.

OK, here is where I disagree with you and why. I will leave the conversation as is after I say my last piece. With Linux, you have nerdy, geeky people who are always recompiling source code, or viewing source or whatever. So, there is a higher rate of someone to say, "Hey, look what I found!" They get a kick out of it.

Now, with adware, spyware and malware, there is money involved. People actually have incentive to write that crap because it can make them money. The largest market share is windows, so they target windows to make the most money. Now, luckily for them Windows has a not so good security model built into the OS. Logically, if there is incentive to make money they will target the largest market. I still think Microsoft has over 80% market share, and a lot of those users never update their OS. There are tons of 'zombie' systems out there.

Even if that accounted for 90% of malware, there should still be hundreds of different exploits in the wild for Macs. There are just far too few attempts, let alone successes, for market share to be the reason.

/!\ Wet Blanket Alert /!\

I don't want to be "That Guy" here, I really don't, but the thread is kinda veering into the academic and buys into the standard arguments that don't frame platform security properly. Example:

The veracity of this statement, for example, unfortunately can't be used to make future projections about the security of a platform, because one platform's history of insecurity has nothing to do with another's. In the end, it isn't of paramount importance how often a platform has been attacked or successfully exploited, only that people are actively searching out vulnerabilities. More are found every day, and this trend will only accelerate as several factors increase:

1. Expanse of user base

2. Complexity of software implementation (As Schneier says, complexity is the enemy of security.)

3. Interconnectivity and integration of software

4. Ignorance of user base (social engineering attacks, ignorance of security and personal data protection practices, etc -- this typically comes with mass adoption of easy-to-use software, but is not relegated to that)

5. Arrogance of user base (leads to lax security policies and practices)

6. Sophistication of attacks

Big Scary Things to Think About:

1. Every platform has had exploitable vulnerabilities, currently has them (whether the public knows about them or not), and will have more in the future. (The QT vulnerability is a perfect example of this.)

2. Not all vulnerabilities require the user to download and open files and applications explicitly. (The QT vulnerability is a perfect example of this, too.)

3. Not all vulnerabilities require elevated privileges to do damage that matters to the user. (See also: QT again.)

There's simply no reason to think we're safe, even if our track record suggests we not worry. I recommend everyone be very careful about giving such an impression.

I'm not trying to give that impression, but I think that simply saying we're not 100% secure leads to problems almost as bad as saying that we are 100% secure; overuse of AV software with its questionable benefits, users panic when something doesn't work the way it should, and IT departments set burdensome restrictions on what users in an organization can do with their Macs, for example. There's a huge range between 0 and 100%, and having some idea of the real number is important.

If I thought there was a 99% chance I'd get in a fatal car accident then next time I drove, I wouldn't ever drive again. I do know that the chance is greater than 0% though, and I'm willing to accept the risk. Computers are no different. We can reasonably infer from past performance that the odds of a Mac getting infected are greater than 0% and significantly less than say, Windows.

still confused
 

THREEDEE YES those are the contextual ads that appear when you mouse over the text on the bloggers page!, they did appear briefly when I used safari but have disappeared!!are they placed by the blogger and other than being annoying are they considered to be anything to worry about?. I do feel that after using xp for years and NEVER getting any viruses or spyware during this time, only TWO weeks into using a mac for the first time I find it hard to believe that the one and only trojan horse able to attack the mac has been un willingly installed by ME! I have run macscan and it informs me that it has NOT detected any trojan horse on my system???? I am confused even more than before....I am being told one thing then another! please help a confused newbe! :confused:

I think you'd know if you had installed the trojan. It tells you it needs to download a codec when it asks for your password. You most likely are just seeing ads.

cwtnospam thanks for your comment, I think Im just paranoid from moving over from xp, everything seems so different!.

Yes, it seems to take switchers time to get used to not looking over their shoulder for the next problem. As has already been pointed out though, you don't want to get too complacent. The Mac is much more secure than XP, but it isn't perfect. Nothing ever is.

so you would suggest that I run macscan on my mac then...like I did with norton on my xp!?

No. :eek:
I suggest that you be careful what you open, especially if it asks for an admin password. I think that AV software can be useful in certain situations, but long term it is not very helpful, and it's a drain on resources.

It's better to require your OS vendor to close any holes that malware uses. That way you don't have malware attacking the same vulnerabilities years after they've been discovered. Apple's been good about closing holes before they're exploited in the wild, and I feel it's our job as Mac users to hold them to that standard.

Whether Mac users are ignorant (They're not! Mac users tend to be much higher educated than Windows users), or arrogant (I personally don't consider defending a platform that's been attacked for stupid reasons since '84, arrogance), is not the reason viruses might start appearing on a regular basis. It's the ignorance and arrogance of the producers of the OS.

Apple has always taken great care in plugging up security holes as soon as they can; Usually long before the security risk is commonly known. Of course Mac OS is targeted! If a virus writer were to succeed in writing a real virus for Mac OS, they would be instantly infamous! Don't even suggest that they're not trying. If Apple makes a single mistake and actually publishes something with a single and minor security flaw, news of it is published everywhere. I guess Windows flaws just aren't newsworthy…

The reason there are so many viruses for Windows and so few for Mac is entirely Microsoft's doing by releasing their OS with so many publicly known security holes. Instead of plugging those holes, what does Microsoft do? Blame their own popularity and convince the public that Microsoft, not the user, is the victim.

Windows is most often targeted for the same reason that an unlocked car with the key's in the ignition is more apt to be stolen.

This is why Windows users make fun of Mac users. How do you expect anyone to take your statements on security with any weight when you say things like this? How is this not absolutely arrogant and elitist?

This aside, you've misread, it seems, most of my post, especially the use of the word "ignorance", which has not been used as a pejorative descriptor.

To paraphrase Dizzy Dean, it's not bragging if it's true. The fact is that somewhere around 90% of computer users use PCs, and most of them, probably more than 90%, use PCs because they aren't even aware (or may be vaguely aware) that there are alternatives. Mac users typically have experience with PCs. Often, far more than they would like! To make the switch to the Mac requires that you first recognize that Windows is not your only choice and that there is likely to be a better way. That means you have to mentally break through decades of intense marketing by Microsoft and other people and organizations that make money off of Windows. The poorly educated aren't likely* to make the cut, especially with the FUD spread by the PC side: won't be compatible, no software, just as vulnerable, etc. PC buyers on the other hand, have no such barrier.

If you take a significant chunk of the best educated from any large group, the new group will be better educated on average than the what's left in the original group. That's not arrogance. That's just fact.


*I'm sure you can find exceptions to the rule, but remember we're talking about large numbers here.

I am sorry I have to come out and say this. Being an IT worker and system administrator, I can honestly say as a whole most users are not as smart as they think. I do not want to start a fight or make any generalizations, but after you've reset your 5 millionth password because your user base can't remember them, you tend to think this way. Or how many times I have to clearly explain the simplest thing to the same user.

Granted, there are some users who do know what they are talking about, but those are few and far between. I do have some users that I can just say, go ahead and do this and they do it right the first time. Those users I typically let them do their thing and they never need my support. They are small in number and are definitely not the average user.

In my experience Mac users definitely think they know more but that is not always the case. I can't tell you how many problems I had when OS X was first out. Dual booting OS X and OS 9 systems. Users would boot into OS 9 and see the /etc and /var directories, and delete them. In their minds you could always delete whatever you wanted in Mac OS as long as it wasn't the system folder and you would be fine. I have users request root access to machines because they read about it online. I have mac users that just do messed up things to their systems because they think it will never crash because it is a Mac. Then when I get to their machine, they are like, "Man it never crashed on me before, and I didn't even think Macs crashed!" I come to find out they have screwed up their system one way or another.

I am not user bashing, they are essential to my job. With out them, I wouldn't have a job. I like helping users, and I like it when users don't know something and they come ask me. I gladly show them what to do. Its the users that think they know and just run with it. In my experience, that is mostly Mac users.

Yes, a little knowledge can be a dangerous thing. Saying Mac users on average are better educated than PC users is a bit like saying that a P41 Mustang is a faster plane than an F1 Hellcat. That may be true, but the P41 is no F15.
;)

Please everyone, try to keep on the topic, "Do I have spyware on my macbook?". This conversation is wandering far off-topic, and if it goes any farther portions of it will be moved to another forum, perhaps the Coat Room.

Trevor

So tell me, guys, what does the current direction of this thread have to do with security? It's veered past "academic" and into "lol windowz users are stupid, macs rule", which does absolutely nothing to discuss the idea of security itself.

I see the same thing all the time. In the end, a Mac user (or developer) is just a normal person. People are flawed. Security fails when flaws are found. QED

This isn't arrogance… I've seen multiple reports (one example) that have shown on a per capita basis, that Mac Users tend to have higher educations than PC users.

I find it fascinating that the first line of my message is reason to ignore the rest of it. My point was that it's not the user's fault that any viruses exist, but the writers of the OS. The reason there are not viruses for Mac OS X can be credited entirely to Apple, Inc. themselves and the reason there are so many viruses for Windows can be directly blamed on Microsoft. The user's of Windows are the victims, not Microsoft.

Oh no!....The Mustang....was....P51.

Tell that to Chuck Hall. ;)
Edit: I do find more references to 51 than 41 and I suppose I should have called the Hellcat an F6F.

Does anyone have a list of files, or link to an article with a list of files, which contain viruses for MACs? Can they be searched in spotlight? For example, someone mentioned earlier to search for the plugins.settings file. Is there any library or central location that contains the information about these files, so one can read about symptoms or effects to their Mac?

I guess that you haven't actually read the thread so far. There are no viruses in the wild for OS X. There is only a single Trojan Horse that has somewhat widely propogated in the wild, and the information for that single Trojan Horse has already been discussed above. So you could say that "the list" is already above, despite the fact that the list only consists of a single entry.

Trevor

Sorry I wasn't specific enough. I meant viruses/malware/bad cookies, basically any known files that have been found to mess with your Mac.

Bad cookie? Like a stale Oreo? The definition of a bad cookie is different from one person to the next. Cookies by themselves don't do anything. They're not software, they're just files.

No, there's no known malware other than a Trojan that you need to download and install using your admin password.