How Mac Viruses Work

Feb 23, 2009, 18 min

Episode description

Apple computers used to have 'security through obscurity' because most hackers didn't bother writing computer viruses for a Mac. Now that appears to be changing -- learn why in this podcast from HowStuffWorks.com.

Transcript

Speaker 1

Brought to you by the reinvented two thousand twelve Camry. It's ready. Are you? Get in touch with technology with TechStuff from HowStuffWorks.com. Hello, everybody, welcome to TechStuff. My name is Chris Pollette. I'm an editor here at HowStuffWorks.com, and today, sitting next to me, as usual, is senior writer Jonathan Strickland. Hey there. Um, today we're gonna talk about, again, the shady side of computing. Yes, it seems we talked about

this a lot. It turns out that, well, it's more in a pretty big shady side. Well, you know, Okay, Well let's look at it this way. We can talk about the all the easy stuff and then we go, hey, everything's working normally. Well, that's got it for today. Yeah, that's true. That's a pretty short So we're going to

talk. We talked once before about computer viruses. Actually, a couple of times before we've talked about computer viruses, and today we wanted to talk about a specific pair of Trojans that recently attacked a computing system that, for a very long time, was seen as practically unassailable. That's true.

We're talking about the Macintosh. And honestly, you might be surprised to know this, but the very, very first virus was written by somebody named Rich Skrenta, and he actually created this as a practical joke when he was in the ninth grade for his Apple II computer lab at school. And it was just a very simple thing that every once in a while would put up a message when the computer would boot up saying, essentially, this is a virus. I mean, I could read the whole thing,

but um, just kind of a novelty thing. He did it to test the theory that it could be done. And now viruses are more than twenty five years old, but they have gotten significantly more malicious. Right, Yeah, there, there there are still viruses that are just jokes, you know. There's still viruses that go around where all it is is just something that messes with you and makes you

think you're going crazy because your computer is not acting right. Um, but those are you know, those are annoying, But those aren't the ones that make the news. The ones that make the news are the ones, of course, that cause billions and billions of dollars worth of damages when people and corporations, when their systems just completely crash and no one communicates with anyone else. That's true. And there are a couple of things we need to point out before

you get in in deep. We need to point out that you were mentioning that we were going to discuss two trojans, and we should point out the difference in a trojan and a virus. I think um the virus is a self replicating program. Um it um basically will copy. For example, it will copy information from your address book. It will send itself to other people in your email message saying hey, you need to open this file. It's urgent. And when you do, you load it into your computer,

which then, you know, propagates and continues to do. A Trojan doesn't replicate by itself. Um, it's something that maybe somebody would say, do you have any viruses on your computer? Download this and find out now. And you download it and you install it, and lo and behold, it's not a virus protection program. It is, indeed, a Trojan horse, and it gets in and messes with your computer. Both are kinds of malware, which, you know, mal- being bad,

dangerous software. And of course it's called a Trojan after the Trojan horse, which, you know, we all have heard of it. You know, lots of soldiers hid inside the Trojan horse. It was pulled into Troy. They all popped out and then they started causing a ruckus, as soldiers are wont to do. Now, the Trojans on your computer, same sort of thing. Hopefully they're not on your computer, but the Trojans that could be on your computer, same sort of thing. It's a packet that has inside it

something nasty, and it can be a virus. So a Trojan can deliver a virus which could then self-replicate, or it could be something else. And one of the more prevalent Trojan attacks, or at least one of the ones that gets the most news, are the kind that set up botnets, and these are programs the Trojans... These Trojans carry programs that give a remote user access to the core of your work computer. So suddenly someone somewhere else, possibly on the other side of the world,

can make your computer do things. And if they're clever enough, they can make them do things, make your computer do things, and you don't... You're not even aware that your computer is acting abnormally. Well, if you were, then they could do something about it, or at least stop it. Yeah, at least turn your computer off if nothing else. But, but yeah, if, if they're clever. And the reason why I say if is a lot of these programs tend to be propagated by people who themselves are not great programmers.

They tend to grab script from other websites and use them, and they're called script kiddies. Um, but let's get to the specifics of the Mac Trojans that we wanted to talk about now. For a very long time, Macs have been seen as sort of, uh, much more safe than PCs, right? They're, they're seen as, you know, people are very proud. They'll say, I don't have to worry about viruses. I use a Mac. That's true. Um, this is a principle which has, at least, a rhyming name.

Security through obscurity. Basically, why bother writing viruses for the Mac crowd, because there are only ten or so of them out there, right, so they don't even bother. And, and on top of that, the Mac operating system and on hardware is a closed system. It's not like PCs where you can, you know, you can get a circuit board from one place and you can get memory from another place. Macs are an all-in-one package that you get from Apple, and you can upgrade and everything. But for

the most part, it's a closed system. So again, security through obscurity. It's not something that is widely understood. Not people don't don't sit there and do a lot of Mac hacks. I mean there are people who do them, but there are fewer than the PC hacks. That's true. That's true. Um. And for a long time that that people in the Mac crowd of sort of speaking as someone who is a Mac user more often than not. Um,

you know, we're sort of under that mindset. We're saying, hey, I don't really need to spend seventy five dollars on a piece of antivirus software because my computer is safe. Um. And Apple explains that, you know, they think that their system is safe. They're not really particularly concerned about it, except not too long ago. A few months ago, they actually had a page up on their website and everybody took notice of the fact that they were saying, well,

maybe you should install some antivirus software. Probably wouldn't be a bad idea. And that, which kind of deviates from their, well, the OS X operating system is a very secure system. You don't really need to worry about viruses. It's a selling point, it's a marketing point for them to, uh, to say how secure it is, right? And I think this is sort of the price of popularity. Um, Mac sales, uh, increased significantly over two thousand and eight before

the economic downturn, which affected all computer sales. But they're up to a of market share now, right, so, and that's significant. So now that there are more Mac users out there, there's more of an incentive for someone who wants to create malware to create it for the Mac because now they have a significant population they can affect. Now, before if you were like, well, if people have PCs and one person has a Mac, it makes more sense for me to program something for the ninety people because

I'm gonna get more hits that way. But if the population of computer users gets high enough, then it totally makes sense. Okay, well, I'm gonna switch gears because these people, not only are there more of them, but they have been lulled into a false sense of security and I can take advantage of that. That's true. Now, the Trojans that hit in January of two thousand nine that affect Macs affect a very specific subset of Mac users,

and I like to call them the naughty ones. So, in other words, right now, if using a Mac is still very safe, I should I'm gonna go out and say it right now, using a Mac. If you're using a Mac and you're being a law abiding, um, you know, upstanding citizen on the web, then you're going to be pretty safe using a Mac. But if you're a filthy, dirty, pirate yar and you're trying to steal software from the Mac, you might be in for a nasty surprise. That's true.

Um, and it all started with a suite of software that those of you who are not Mac users may not be familiar with. It's called iWork. Um, it's a collection, it's, it's not really a, a Microsoft Office killer. But there are three applications that are part of the suite: Pages, which is a, you know, word processing program; Keynote, which is a presentation program; and Numbers, which is a spreadsheet program. And, uh, oddly enough, these are very much

like three of the major applications in Office. But, um, there was a pirated version going around, a broken version that people were starting to download, and, uh, it contained more than just a copy of iWork, it also contained a Trojan horse, and so this was propagated along or spread along BitTorrent. So people using BitTorrent to download a pirated copy of iWork, um, received a Trojan that installed as part of the iWork

Services installation process. And, um, it gave someone, no one's really sure who at this point, as of when we're recording this, root access to the victimized computer. And that's, that's a bad thing. That's what you can build a botnet or a zombie computer army out of, are

these computers that have a compromised root access system. It means that someone else can then sort of fiddle with your computer and make it do things like, um, distributed denial of service attacks or spreading spam, that kind of thing. That's sort of what most zombie computer armies are, are used for. Yeah, the name of this one actually is OSX.Trojan.iServices.A. Catchy. Yeah. Yeah,

well, they all are. They have these fancy names. And it also depends on which, uh, which antivirus authority you're talking to, because at least on the PC side, usually each one has its own name for each virus, which is even more confusing. But in this case, yes, yep. And, uh, it's known to bury parts of itself

very deep in the system. Um, as a matter of fact, the experts say that if you've got this on there, on your machine, it's probably best to do a clean installation of your operating system and just format your hard drive again. Again, back up your computer, right? It's always important. We say it over and over, and you think we're joking. We're not joking. Not that I do it myself. I'm guilty of not doing it. I have been known to go a long time between backups, and it has in the past...

I've, I've become legendary in the office for having some hissy fits when I've had problems with my computer. Yep, yep, manly hissy fits, I should add. If you say so. Okay, um, and then, you know, this happened, uh, I guess technically it was late two thousand eight when it started to show up, but, you know, it was the holiday, so we waited to be worried about it until the new year, and the whole, the whole iWork '09 didn't even really come out until, um, Macworld. That's true,

but which was immediately after writing year, so yeah, exactly. Um, but there was a variant that showed up not too long afterward. I just call it B. Just call it B. Yeah. Well it's the blah blah blah blah blah blah blah B instead of A. Okay, I mean, I don't have it written down in front. Un Lets you get away with that as you're you're right. So this is a

second Trojan, very similar to the first one. Um, but this one was attached to pirated versions of Adobe Photoshop CS4 for Apple, so again, an illegal, uh, application and pirated application. It's the one that's carrying this Trojan. And if you went out and you bought a copy of Adobe Photoshop CS4, you're fine. I mean, that's, that's a legitimate copy. It's not carrying

anything dangerous. It's only for the people who are saying, hey, I want this, but I don't want to shell out the, you know, several hundred dollars it's gonna cost me to buy this program, so I'm just gonna steal it. Well, they're the ones who are paying the price right now, because they're the ones who had their computers infected. So, uh, if you were a Mac user, the first and most important thing you should know about all this is

you're not completely immune from viruses. There's, there's, you know, no operating system... Even an Apple spokesperson said this, no operating system is a hundred percent safe. There, there's always some vulnerability. And, you know, of course, the manufacturers, the software manufacturers... Microsoft is famous for patching on regular intervals, um, and Apple sends out interval patches too. Um, the thing is, you know, you need to be aware that it can happen. And investing in antivirus software

isn't really a bad idea. Yeah, it's expensive and there's not a lot of free antivirus software. Um, I would be wary, especially of downloading anything that has a pop-up window. Yeah, that's a bad sign. Yeah, but, you know, of course, Norton, Symantec, makes a Norton AntiVirus for Macintosh, and, uh, Intego, which also is the organization that finds a lot of the Mac viruses and issues alerts, um, offers its VirusBarrier, and both of them offer a dual-platform version of the software.

Because some people who are using Intel-based Macintoshes are running both Windows and Macintosh operating systems on their machines. Yeah, it's called using, creating a virtual machine. Yep, yep, or in dual boot. Um, but yeah, we should... Intego actually said that in January that at least twenty thousand people had downloaded that iWork '09 installer. So that's twenty people who had their computers infected by a Trojan. And that's just the iWork, and that's not including

the Photoshop one. I don't have any, any figures on that. I didn't, I didn't see any fresh numbers on that. That was actually fairly close to when we, uh, when we are recording the podcast now, so no hard numbers there. Um, it is... There's also a possibility too that you can run afoul of some malicious websites and some of the runtime operating systems. You know, they are cross-platform. You know, if there is a virus that operates on them, you can, you could possibly have some

problems with that too. So always good to be very conscious of what you do, no matter what operating system you're on. Now, sad to say, if your computer has been compromised, Let's say that you are a fine upstanding person, but your little brother decided he wanted a copy of I work for some reason. Perhaps he's starting a new lemonade stand and he needs to have a spreadsheet tracking all his sales, or a nice presentation. But of course you know you didn't download it. Of course we would

never suggest such a thing. But let's say that your computer gets infected by it. You can find a Trojan removal tool supplied by SecureMac if you, if you need that service. If, if you know that your computer has been compromised, um, I recommend that you get this Trojan removal tool so that you can take, take care of that problem, because the longer you leave it, the more likely your computer will be used in some really nasty denial of service attack or spam attack

or whatever. I mean, for all we know, the person who is, who designed this Trojan did so just to prove a point. We don't know that there was any malicious intent, but we don't know that there's not either. That's, that's true. It's almost like the virus I mentioned earlier, the Elk Cloner, which was the very, very first thing. It was sort of a proof of concept thing and, and in, in this case a practical joke, than an actual problem. But, you know, you'll notice if

your computer is starting to run more slowly. Um, if you're having trouble, you know, with the general operations, if stuff just doesn't work the way it did, um, you might have reason to, uh, to believe that there is an evil entity lurking within your hard drive. Right, if you look and see that there's a, there are a lot of packets going across your home network and yet nothing is downloading at the moment, that's a good indication

something's going on. You know, my favorite, uh, my favorite Mac virus of all time has to be the, the Honor System virus, um, the one that basically went around saying, well, you know, we're not going to write a virus for your Macintosh. Please delete your entire hard drive and forward this to all your friends. Yeah, so this is a good... We, we've pretty much kind of drawn the line between hackers who might show you that it's possible to create a virus in, in order to boost security. Um, hackers

often will do that. They'll, they'll find security flaws and they'll publicize them in the hopes that someone will address those flaws and fix it, whereas crackers are the kind of hackers who will exploit it for their own, you know, means. That's true. And they're also tasty with soup, they are. That's a good, that's a good stopping point. So we're gonna wrap things up. Before we go, I thought it would be nice if we gave a shout-out to a sister podcast of ours. It's brand new.

It just started publishing, um, February, really, and it's called Stuff Mom Never Told You. And it's a sort of a, you know, a feminine perspective on various articles that appear on our site. And I highly recommend it, um, in a masculine way. Excellent. Yeah, all right. And if you want to learn more about computer viruses and computer topics in general, you can check out dozens of articles that we have live right now at HowStuffWorks.com. And we'll talk to you again really soon.

For more on this and thousands of other topics, visit HowStuffWorks.com. Brought to you by the reinvented two thousand twelve Camry. It's ready. Are you?

Transcript source: Provided by creator in RSS feed