Oh No! My Mac Has a Virus!

No, it’s not 1988. I know my Mac doesn’t really have a virus. Aside from the occasional email, I have not seen a virus on my Mac since System 7. So imagine my surprise that while Googling I came across a link that appeared to have the information that I was seeking. The title and summary looked valid. I did not notice the URL right away or I would have suspected it — Poland. I clicked on the link and was bounced to China and then to a .com site with an official-looking URL. Google’s Safe Browsing did not catch it. Norton’s Safe Web also does not have it listed as evil.

Anyway, clicking on the link I found out that not only was my computer infected, but it is apparently running Windows XP and no one told me.

Warning!!! Your computer contains various signs of viruses and malware programs presence.

You system requires immediate anti viruses check!
Antivirus 360 will perform a quick and free scanning of your PC for viruses and malicious programs.

I chuckled to myself and I clicked the cancel button on this JavaScript dialog and proceeded to watch the “scan” proceed. The screen clearly showed my C and D drives. It ran through all of my Windows DLLs and found several “infected” files. Once it finished I got a very official-looking “Windows Security Alert” showing some very nasty-looking Trojans on my Windows computer. At no point did the screen say “just kidding”.

The next thing that happened was a downloaded file. The file name was a very official-looking “InstallAVg_77025304.exe”. I’d had enough fun at this point and closed the browser and deleted the annoying little .exe.

What for me was a humorous interlude could have actually fooled the average user and put their systems at real risk. I wanted to post some screen shots so that people could see what to watch out for. There are various permutations of the domain name. Both AVG and Norton 360 are real products and arguably good products. But there is no “Antivirus 360”.

What can you do to protect yourself? Aside from shunning Windows altogether, it’s going to take some vigilance. Well, if you are running a modern web browser like Firefox, IE 7, or one of the WebKit browsers (Safari & Chrome), you are probably safe so long as you do not download and run their software. Don’t buy or even install software that volunteers itself to you. If you are searching for good shareware, use a trusted site like VersionTracker.com.

I recommend using OpenDNS.com. You can set the DNS numbers in your router and protect your whole home. The bad guys are smart about using domains that look official. Since OpenDNS is publicly supported, once a domain is identified as bad, it will be blocked. You can customize your protection and protect it immediately.
