
Please Alleviate My Malware Ignorance

I own Sophos Anti-Virus v 7.3.11C, updated as of May 7, 2012. Scans have never shown any "threats." However, I have some general questions about malware and anti-malware programs.

My computer is a PPC PowerMac 2.7 GHz dual-CPU G5 (early 2005). I am running Mac OS X Tiger, v 10.4.11 and Safari v 4.1.3. Sophos runs fine on this system, and I have no questions about it specifically.

Just exactly how vulnerable are my Mac, OS, and browser to the recent malware infecting Intel Macs? I have never had any type of virus, Trojan, backdoor, or other malware on my system in the last 7 years. I have read that Flashback attacks through Java, but since everything I have read on various blogs is oriented toward Intel Macs, I have no information on whether my system even can be affected. Back in 2005, Macs were pretty much malware-free. Are these new threats applicable to my computer, or not?

In fact, are the current forms of malware even capable of running on any PPC (IBM) CPU? IIRC, the instruction set for a PPC970 and any Intel chip are sufficiently different that a "universal" app is required to run on both. Are current malware programs in that format, or are they targeted specifically at the Windows and Mac Intel systems?

I would like a clear idea of my risk level, if one is available.

Thanks very much for reading this!

----    Bill 



  • Thank you for the excellent question!  This is something I have some level of answer for, and have been surprised that nobody has asked before, as it's really quite relevant.

    Here's a brief summary of the current threat landscape (for the week of May 17 2012) as detected by a sample of our OS X customers, and what platforms are affected by the threats.  Note that this information is relative, and is not meant to be comprehensive, but shows the general trends:

    Top 10 threats detected on OS X in the last 7 days, in order of prevalence:

    • Mal/BredoZp-B (16% of all threats) - Windows-only, arrives by email
    • Mal/Phish-A - social engineering, sometimes tricks people into giving away personal information, sometimes tricks people into downloading and running (predominantly Windows) malware; arrives by email
    • Mal/KeyGen-M - Windows-only, downloaded in torrents and from software cracking repositories
    • OSX/FkCodec-A - Intel 32-bit (currently), found on dodgy websites and via drive-by downloads from infected legitimate websites
    • Mal/BredoZp-D - Windows-only, arrives by email
    • Mal/ASFDldr-A - Windows-only payload, usually found in Windows Media movie torrents
    • Troj/Invo-Zip - Windows-only, arrives by email
    • Mal/KeyGen-R - Windows-only, downloaded in torrents and from software cracking repositories
    • Mal/Packer - Windows-only, associated with a lot of dodgy software downloaded from the Internet

    Top 15 OS X threats detected on OS X in the last 7 days, in order of prevalence:

    • OSX/FkCodec-A (41% of all OS X threats) - Intel 32-bit (currently), found on dodgy websites and via drive-by downloads from infected legitimate websites
    • OSX/FakeAV-DWN - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/Flshplyr-D - Intel 32 and 64 bit, installed via infected website via Java exploit
    • OSX/FakeAVZp-C - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAvDl-A - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAV-DPU - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAvDl-B - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/DnsCha-E - Shell script, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/Flshplyr-E - Intel 32 and 64 bit, installed via infected website via Java exploit
    • OSX/RSPlug-A - combination of shell script and browser plugin, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/Jahlav-C - Shell script, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/LogKext-A - PPC 32 bit, Intel 32 and 64 bit, installs malicious kernel extensions, keylogger installed by hand or by malware
    • OSX/FakeAv-FFN - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAV-A - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAv-FNV - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
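    The list above sorts the OS X threats by which CPUs their binaries actually contain code for (PPC, Intel, or a shell script that runs wherever /bin/sh does). Below is an added example, not code from the thread or from Sophos, that reads a Mach-O file's header and reports the same thing for a file of your own, using only the documented Mach-O magic numbers and cputype values. The sample headers inside it are constructed for the demonstration, not real malware.

```python
"""Added example (not from the thread): read a Mach-O file's header and report
which CPU architectures it carries code for, to answer "can this run on my
PPC G5 at all?" for a given file. Uses only documented Mach-O magic numbers and
cputype values; the sample headers below are constructed, not real malware."""
import struct

MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O; stored in the target CPU's byte order
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE     # "universal" wrapper; the fat header is always big-endian

CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_I386 = 7
CPU_TYPE_POWERPC = 18
CPU_NAMES = {
    CPU_TYPE_I386: "i386",
    CPU_TYPE_I386 | CPU_ARCH_ABI64: "x86_64",
    CPU_TYPE_POWERPC: "ppc",
    CPU_TYPE_POWERPC | CPU_ARCH_ABI64: "ppc64",
}

def _name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%x)" % cputype)

def _thin_arch(data):
    """cputype name of a single (thin) Mach-O image, or None if not Mach-O."""
    if len(data) < 8:
        return None
    # A big-endian PPC image stores the magic as fe ed fa ce on disk, a
    # little-endian Intel image as ce fa ed fe, so try both byte orders.
    for order in (">", "<"):
        magic, cputype = struct.unpack(order + "II", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return _name(cputype)
    return None

def classify(data):
    """Sorted list of architectures the file has code for. Shell scripts are
    reported as 'script': they run wherever the interpreter does, which is why
    the script-based OS X threats in the list work on PPC and Intel alike."""
    if data.startswith(b"#!"):
        return ["script"]
    if len(data) >= 8 and struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java .class files share the CAFEBABE magic; a real fat header has a
        # small slice count, so an implausible count means "not a fat binary".
        if nfat == 0 or nfat > 30:
            return []
        arches = set()
        for i in range(nfat):
            off = 8 + i * 20            # each fat_arch record is five uint32s
            if off + 20 > len(data):
                break                   # truncated header: report what we have
            cputype = struct.unpack(">5I", data[off:off + 20])[0]
            arches.add(_name(cputype))
        return sorted(arches)
    arch = _thin_arch(data)
    return [arch] if arch else []

def can_run_on_g5(data):
    """True if a PowerPC G5 (ppc, ppc64, or a script) could execute this file.
    Intel-only code cannot run on PPC; Rosetta only goes the other way."""
    return bool({"ppc", "ppc64", "script"} & set(classify(data)))

def _fat(*cputypes):
    """Constructed fat header whose slices point at nothing (enough to classify)."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for ct in cputypes:
        hdr += struct.pack(">5I", ct, 0, 0, 0, 0)
    return hdr

# Constructed sample headers, one per case the thread asks about.
SAMPLES = {
    "universal_ppc_i386": _fat(CPU_TYPE_POWERPC, CPU_TYPE_I386),
    "intel_only_fat": _fat(CPU_TYPE_I386, CPU_TYPE_I386 | CPU_ARCH_ABI64),
    "thin_i386": struct.pack("<II", MH_MAGIC, CPU_TYPE_I386) + b"\0" * 20,
    "thin_ppc64": struct.pack(">II", MH_MAGIC_64, CPU_TYPE_POWERPC | CPU_ARCH_ABI64) + b"\0" * 24,
    "shell_script": b"#!/bin/sh\necho hello\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-20s %-16s runs on G5: %s" % (name, ",".join(classify(blob)), can_run_on_g5(blob)))
```

    On Mac OS X itself the `file` command reports the same information for a given path ("Mach-O universal binary with 2 architectures", and so on), so the script is mainly useful when you want to check many files at once or feed the result into something else.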
  • Thanks! That's a very comprehensive threat list. Looks like there really are PPC threats out there.

    ----    Bill

  • Hi Andrew, 

    I have the Mal/BredoZp-B virus and the Mal/EncPk-OJ and I have exhausted all of your tutorials and downloads and updates on this site and it's still on my machine!  Please can you direct me to something that will get this off safely? I'm using a Mac running Mountain Lion.

    Also, I would PAY to have phone support. Why is this not an option for Mac users??

    PLEASE HELP! Thanks

    Rosemary


  • Graphicswranglr wrote:

    Hi Andrew, 

    I have the Mal/BredoZp-B virus and the Mal/EncPk-OJ and I have exhausted all of your tutorials and downloads and updates on this site and it's still on my machine!  Please can you direct me to something that will get this off safely? I'm using a Mac running Mountain Lion.

    Also, I would PAY to have phone support. Why is this not an option for Mac users??

    PLEASE HELP! Thanks

    Rosemary


    If you would like to buy the non-free version of Sophos Anti-Virus for Mac, which comes with 24-7-365 phone and email support, have a look at: http://www.sophos.com/en-us/products/buy-now/buy-sophos-online.aspx

    If you want to keep with the free version I'd suggest the YouTube playlist of videos to get you started...

    https://www.youtube.com/playlist?list=PL_b4O8ZwWOqsJbP55d6EF0lBV9NDMaLfE

    After watching those you may want to come back and post (maybe start a fresh thread) about any particular problem.  The videos in the playlist cover how to scan your Mac etc.  There is also the PDF Help guide: Sophos Anti-Virus for Mac OS X: Home Edition Help

    Hope that helps.

  • Just to add:  I think I found a piece of feedback you left on the Mac malware cleanup article.  Based on the path you quoted in that...

    /Volumes/Time Machine Backups/Backups.backupdb/R_______ S_____ MacBook Pro/Latest/...Urgent_notice_of_eviction.exe

    ...it looks like the item is in a Time Machine backup.  You probably want it gone, but for the meantime don't worry too much about it - it can't do anything in there.  You may even want to exclude your Time Machine backups from future scans so detections like this don't come back - it all comes down to how much you want to give to the task.

    Because Time Machine backups are files within files they're complex.  SAV can read the files and alert you but then can't clean up.  You would need to enter Time Machine and delete the item manually, but you should have a look at the logs first so you know where in Time Machine's timeline to jump to.  Watch this:

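    The advice above boils down to two steps: separate detections that sit inside a Time Machine backup (inert until restored, but reported on every scan) from those on the live file system, and read the backup path to learn which snapshot holds the file so you know where in the timeline to jump to. Here is an added example that does both over a few constructed log lines; it is not code from the thread or from Sophos, and the "<date> <time> <threat> <path>" line shape is an assumption for the demonstration, not the real Sophos log format. What it does rely on is Time Machine's documented on-disk layout: Backups.backupdb/<computer name>/<YYYY-MM-DD-HHMMSS>/<source volume>/<path>, with "Latest" a symlink to the newest snapshot.

```python
"""Added example (not from the thread): sort scanner detections by whether the
flagged file sits on the live file system or inside a Time Machine backup, and
for the latter list which snapshots hold it, so you know where in Time
Machine's timeline to go to delete it. The log lines are constructed in a
simple "<date> <time> <threat> <path>" shape, not Sophos's real log format."""
import re
from collections import defaultdict

# Time Machine lays out a backup volume as
#   .../Backups.backupdb/<computer name>/<YYYY-MM-DD-HHMMSS>/<source volume>/<path>
# and "Latest" is a symlink to the newest snapshot, so the same file shows up
# twice in a scan that follows it.
TM_RE = re.compile(
    r"^.*?/Backups\.backupdb/(?P<machine>[^/]+)/"
    r"(?P<snapshot>Latest|\d{4}-\d{2}-\d{2}-\d{6})/(?P<inner>.*)$"
)

# Constructed sample log (machine name and paths are made up for the example).
SAMPLE_LOG = """\
2012-11-02 10:15:01 Mal/BredoZp-B /Volumes/Time Machine Backups/Backups.backupdb/Example MacBook Pro/2012-10-30-081522/Macintosh HD/Users/rosemary/Downloads/Urgent_notice_of_eviction.exe
2012-11-02 10:15:02 Mal/BredoZp-B /Volumes/Time Machine Backups/Backups.backupdb/Example MacBook Pro/Latest/Macintosh HD/Users/rosemary/Downloads/Urgent_notice_of_eviction.exe
2012-11-02 10:16:40 Mal/EncPk-OJ /Users/rosemary/Downloads/invoice.zip
"""

def parse_line(line):
    """Split one constructed log line; the path may itself contain spaces."""
    date, time, threat, path = line.split(" ", 3)
    return {"when": date + " " + time, "threat": threat, "path": path}

def locate(path):
    """Say whether a path is on the live system or inside a Time Machine snapshot."""
    m = TM_RE.match(path)
    if not m:
        return {"location": "live", "path": path}
    volume, _, rest = m.group("inner").partition("/")
    return {"location": "time_machine", "machine": m.group("machine"),
            "snapshot": m.group("snapshot"), "volume": volume,
            "original_path": "/" + rest}

def triage(log_text):
    """Group detections: live ones need cleanup now; backed-up ones are inert
    until restored and are listed per snapshot so they can be removed by hand."""
    live = []
    in_backup = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        loc = locate(rec["path"])
        if loc["location"] == "live":
            live.append((rec["threat"], rec["path"]))
        else:
            key = (loc["machine"], loc["original_path"], rec["threat"])
            in_backup[key].add(loc["snapshot"])
    return {"live": live,
            "time_machine": {k: sorted(v) for k, v in in_backup.items()}}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for threat, path in result["live"]:
        print("LIVE       %s  %s" % (threat, path))
    for (machine, path, threat), snaps in result["time_machine"].items():
        print("IN BACKUP  %s  %s  (%s: %s)" % (threat, path, machine, ", ".join(snaps)))
```

    The snapshot names are the dates Time Machine shows in its timeline, so the "IN BACKUP" lines tell you exactly which backup to open. If the same file is listed under "Latest" as well, that is the symlink to the newest snapshot, not a second copy.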