Malware on OS X

A friend of mine recently made the mistake of clicking a seemingly innocuous link sent to her over AIM. As it turns out, clicking the link somehow executed some code that got her machine infected with all sorts of spyware, adware, and other miscellaneous malware. Since this infection required user interaction it would be a trojan, not a virus, but whatever you call it, the result was several hours wasted trying to repair the damage. In the end, System Restore and an application of Adware and Spybot solved the problem.

No, my friend does not use a Mac.

If she did, she wouldn’t have been infected to begin with, since there are as of this date no automatically spreading viruses for OS X. There have been trojans, such as the infamous Opener, and there was at least one proof-of-concept exploit for the now-patched Dashboard vulnerability in Tiger prior to 10.4.2. But other than these things, and perhaps the omnipresent MS Word macro viruses, there’s nothing. Zip. Zero. Nada. Even Wil Shipley and his $500 say so.

Since most people who read my blog are already Mac users, I’m probably just preaching to the choir here. So I’ll cut to the chase: My main point is to stake my claim to being the first person to identify the first trojan for OS X. It was LimeShop, a background process run by LimeWire that apparently would monitor your web shopping and alter cookies so that the authors of LimeWire would benefit from purchasing referrals at sites like Amazon.com. I reported it at MacNN about a year and a half ago. As a result, LimeShop was removed from LimeWire soon afterwards. Go me.

]]>