Trojan found on Mac

Sophos Mac Home Edition discovered the trojan Troj/DocDrop-AU on my MacBook (OS X). It was promptly removed (with a note to self to not open any UPS emails in future!)

The narrative in the threat analysis said that the trojan affects the Windows operating system. That said, as it loaded itself onto my Mac, would it have presented a threat before its removal?

Any advice much appreciated.
:1014335


This thread was automatically locked due to age.
  • Troj/DocDrop-AU is a Windows-only Trojan. It can't hurt your Mac. Sophos Anti-Virus for Mac detects all known Windows malware, so that's why you got the alert.

    Though there was no threat to your Mac, if you didn't have Sophos installed you probably wouldn't have known about it and it could still be on your computer. It could then have been transferred to a Windows computer on a USB pen drive etc.

    :1014337
  • Thanks for that. I run Win XP via VM Fusion on an external USB HDD. (Though not since I clicked on the email that caused the problem.) I've also erased the Mac HDD and reinstalled OS X. Loading Sophos was my one good call!
    I'm curious how a Windows-only Trojan can load itself onto a Mac?
    :1014347
  • I can't be sure of the 'infection vector'. Drive-by download maybe?

    :1014353
  • I think it was from a .doc file attached to a scam email. I was just unsure how something designed for Windows could navigate itself around the Mac's file system/directory. MS Word for Mac was used to open the file.
    :1014365
  • Where was the file located? Does the log say? The path may help explain how it got on the Mac.

    :1014379
  • I'm afraid the log disappeared when I erased the drive and reinstalled OS X. From memory it was in 2 places, possibly cache? There was an initial generic malware threat recognised by Sophos which related to the .doc file from the email. This was removed (again a Windows threat, can't remember the name). It was only when I updated Sophos a few days later that the Trojan was found.
    :1014385
  • Well, I guess it's gone now. Windows malware is far more common, hence Mac users will probably encounter more detections from malware targeted at the Windows OS. Windows malware is generally just a file, and though it can't run on a Mac it could be downloaded (through email or a browser) or transferred from a USB pen drive or network share. If it's through your mail application, the file can be in your mailbox folder on the local drive and then detected from there, just by syncing your mail with the SMTP/POP server.

    Let me know if you have any other questions, or mark a post as the accepted solution if answered.

    :1014391