Mac Virus - An Unfortunate Reality


The Mac virus is a reality, unfortunately. As the number of Mac users is continually growing, so will the number of virus creators.

In April 2009, iBotNet caused a huge stir with many calling it the first real Macintosh virus.

Mac Virus

But, this is definitely not the first attempt.

History of Mac Viruses


Elk Cloner

This relatively harmless virus affected Apple II computers, infecting 5.25 inch floppy disk boot sectors. At every 50th boot, a poem appeared:

Elk Cloner:
The program with a personality

It will get on all your disks
It will infliltrate your chips
Yes! It's Cloner!

It will stick to you like glue
It will modify ram too
Send in the Cloner!



Spread initially through floppy disks, this virus caused application crashes, laser printing errors, slow system response time and sometimes system crashes. Some infected computers would beep every 8-16 times they were restarted and tell the user, "Don't Panic."

May 1990

MDEF (aka Garfield)

This virus was discovered when a number of Macs attached to public laser printers failed to drop menus. It infected application and system files in Macintosh 128K and 512K, 512KE, Mac Plus, SE, SE/30, II, IIx, IIcx, IIci and IIfx computers.

April 1994


This Mac virus alters applications, documents and system files. It may also cause unexpected program failures or system crashes. In other words, your Mac may function like a PC.

July 1995

Hypercard HC-9507

Infects HyperCard stacks only. Not systems applications or files. It can spread to other running HyperCard stacks and other randomly chosen stacks on the startup disk. The screen may fade in and out, your Mac will shut down or lock up (ala Windoze) and the word "pickle" may inadvertently appear in your text.

November 2006


As harmless as the dance, this is a simple, appending parasitic virus. It infects files in the current folder of the infected computer. It is dubbed by Symantec as the "first known fully functional Mach-O file infecter virus." Does not harm Macs running on Power-PC.

The author apparently had some difficulty in creating the virus as noted in the program, 'so many problems for so little code.'

May 1998

AutoStart 9805 (aka "Hong Kong" virus)

This worm copies itself to other disk partitions so that it becomes active on other disk partitions. It may overwrite some data files with random gook. Infects Power-PC based systems. There is an esasy fix - turn off CDROM autorun in QuickTime.

October 1998


A malicious virus that would remove all files from the infected hard drive. It left applications and one file named "666" in the Extensions folder.

October 2004

SH/Renepo-A (aka 'Opener')

A shell script worm that disables Mac's built-in firewall and copies itself to the system's startup directory. It also attempts to locate passwords on the hard drive and installs "John the Ripper," a password cracking tool. Opener may copy itself to other networked hard drives mounted on the infected computer's desktop. It also installed tools for password-sniffing and made key system directories world-writeable, undetected. The worm was only spread when Macs connected to other Macs and not via the Internet,

February 2006

OSX/Leap-A / OSX.Oomp

Internet worm that spreads through instant messaging via iChat. Infects Power-PC based machines running Mac OS X. The file, latestpics.tgz, masquerades as a jpeg image and sends itself to people on your buddy list.

June 2008


Trojan which disables security software, steals passwords and even takes your picture using the MacBook or iMac's built-in camera. It can also take screenshots of your desktop. This virus is distributed as a supposed game or utility and exploits the Remote Desktop Agent feature of Mac OSX versions 10.4 (Tiger) and 10.5 (Leopard). One infected, the creator is able to take complete control over your Mac. Refrain from downloading these applications: AStht_v06 (3.1 MB application) or ASthtv05 (60 KB compiled AppleScript script).

November 2008


Trojan horse which contacts a remote server to download installation files. It keeps the door open for future installs. Previous versions (October 2007) installed DNSChanger which routes the user through a malicious DNS server to phishing websites. It posed as a codec on porn websites.

OSX.Lamzev.A / OSX.TrojanKit.Malez

Hacker tools that allow attackers to install backdoors. But, a potential hacker must have physical access in order to install the backdoor.

April 2009

OSX.Iservice and OSX.Iservice.B (iBotNet)

These Mac viruses are embedded in pirated copies of iWork '09 and Adobe PhotoShop CS4 shared on the popular p2p torrent network. Using different techniques to obtain the owner's password, this is the first real attempt to create a Mac botnet to launch denial-of-service attacks.

The Mac Virus Can Only Become More Prevalent

While Macintosh viruses are much more rare than their PC counterparts, they will become more common in the future. The best thing to do is protect your Mac with Mac-friendly antivirus software.

Return from Mac Virus back to Mac Security


Early Black Fri/Cyber Mon Sale at MacMall.com




Copyright © wholly-mac | All rights reserved.
This site is not affiliated with Apple Computer