# Potential Mac virus?: "Sex18"



## Adrian. (Nov 28, 2007)

My father was looking on a site he regularly visits to purchase a machine. He clicked on a video to see a movie of a machine in operation and another window opened with a rather sexually explicit title and a window saying he needed to download the "sex18.app" in order to watch the movie. This is a trusted company site that he has visited before.

I have two questions:

Was this a web based virus that has infected the company server or is it on my computer? I think it is web based because it wanted to download onto my computer.

Secondly, is this a mac specific virus or able to attack macs?

Thanks


----------



## bgw (Jan 8, 2008)

I doubt it. It may have been a Windows virus. Usually the Mac shows a dialog box when something is downloaded. If you don't want the said item just click 'no' and it won't come down.

I suggest that the browser caches be cleaned. Then clean out the downloads folder in the account that was used when the download occurred. Lastly, check that there are no unusual programs residing in the Applications folder. If there are, delete them. There are more steps that can be taken but they get kind of advanced.

Unless the virus is very tricky it will have to ask the user or admin permission before running the first time. At that point it can be stopped.

To prevent things like this happening in the future set up an 'admin' account on the machine, separate from all the other accounts. Other accounts should have their admin privileges revoked. When such an account structure is employed nothing can be installed unless it gets admin approval. This is an extra, slightly annoying, step but it can save you when bad things happen!

There is a free mac virus software called ClamXav. I don't use it. Maybe I should...


----------



## HowEver (Jan 11, 2005)

How is a pop-up window, or even a forced download, a virus at all?





Adrian. said:


> My father was looking on a site he regularly visits to purchase a machine. He clicked on a video to see a movie of a machine in operation and another window opened with a rather sexually explicit title and a window saying he needed to download the "sex18.app" in order to watch the movie. This is a trusted company site that he has visited before.
> 
> I have two questions:
> 
> ...


----------



## dona83 (Jun 26, 2005)

PC users are expecting us Mac users to look after their well being like the US is going after countries who supposedly harbour terrorists. Anti viruses on Macs are designed for nothing more than making sure files are clean before we send them to our PC using friends and colleagues. To the PC users here... GET YOUR OWN anti virus!


----------



## EvanPitts (Mar 9, 2007)

It would only really be a virus if it was able to self-replicate, and go on to infect other machines...

Looks more like some kind of malware, perhaps a trojan of some sort. Windoze does not use .app for anything (and can only handle .COM, .EXE, and .DLL files in the runtime). .app is pretty much for OSX.

Even though it may not be a "virus"; it most certainly may be some form of other malware. .app files may not actually need to be "installed", if the system grants the eXecute flag, perhaps based on some kind of hitherto unknown security breach - or hope of one. I would open the Information box, and make sure it is set Read Only - then I would trash it, followed by a Secure Empty Trash.

There have been reports of such malware, but nothing that has propagated very well. I even had one - it was a virus that was attached to an e-mail that was sent to me from my bank (a real e-mail, not a spoofed address), and though it did nothing to my system, I scanned it anyways, just out of interest. Indeed, it was a virus, and if I had a Windoze box, it would have been toast. Mac users normally do not automatically install anything that they are not familiar with; and are suspicious of anything out of the ordinary. But with the growing popularity of the platform, they are bound to be a target.

In that vein, my girlfriend's Windoze box was infected with a large number of SpyWare robots, something like 78 of them - and these I know do download on a regular basis to my Mac when I visit similar sites - though they can not do anything except suck up my bandwidth...


----------
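
An added example, not part of any post in this thread: a shell function for the checks bgw and EvanPitts describe above (look through the Downloads and Applications folders for unfamiliar .app bundles, and see whether they carry the execute flag). The function name `recent_apps`, the 7-day window and the directory list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list recently changed .app bundles and report whether each
# one contains a file with the execute bit set. Read-only; deletes nothing.
# The 7-day default and the directory list below are assumptions.

# recent_apps DAYS DIR...
# Prints one line per bundle: "<status><TAB><bundle path>"
#   exec   = Contents/MacOS holds at least one regular file marked executable
#   noexec = no executable file found there
recent_apps() {
    local days="$1"; shift
    local dir bundle f status
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip folders that do not exist
        # -prune: never descend into a bundle; -mtime -N: changed in last N days
        find "$dir" -maxdepth 3 -type d -name '*.app' -prune \
             -mtime "-$days" -print 2>/dev/null |
        while IFS= read -r bundle; do
            status="noexec"
            for f in "$bundle"/Contents/MacOS/*; do
                if [ -f "$f" ] && [ -x "$f" ]; then
                    status="exec"
                    break
                fi
            done
            printf '%s\t%s\n' "$status" "$bundle"
        done
    done
}

# Review the current user's Downloads folder and both Applications folders.
recent_apps 7 "$HOME/Downloads" "$HOME/Applications" /Applications
```

Anything listed that nobody remembers installing is a candidate for the trash; a `noexec` line means the bundle has nothing in `Contents/MacOS` that the system could launch.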



## heebie (Dec 28, 2007)

Malware on OS X? In the form of a .app executable? Is this the beginning of what my friend was predicting a while back - the debut of the problems for Mac?

Hope not...


----------



## MacDaddy (Jul 16, 2001)

Holy crap guys!!! There was a huge thing about this last year with a Britney Spears video/pictures, saying you needed to download something to be able to play/view. 

Mac Users Get A Credit Card Stealing Trojan for Halloween, Security Company Reports | Threat Level from Wired.com
Macworld | First Look: Trojan Horse warning: What you need to know

So yes, I say it COULD be, and you should report it to the site and let them know what happened so it can be investigated.

Note to the rest on this thread *THE MAC IS NOT IMPENETRABLE*!!!! Harder? Yes, but stop thinking you are invincible!!!

On that note, I was called into one of the ladies' offices today who had BlueTooth enabled on her computer and all of a sudden it popped up a dialog asking her if she wanted a file titled "c**t" and it was a JPG. I turned off BlueTooth on her computer immediately.


----------



## EvanPitts (Mar 9, 2007)

The Mac is far more secure than a Windoze box. Too many things can automatically execute on a Windoze system - Word Macros, tidbits of code, whatever... It was by design because the programmers at M$ were faced with the daunting tasks of having to support other graphics formats, other than the only official format - .bmp. So they allowed for the downloading of small programs which could render other formats, like .jpg, .gif, and others. Well, this is one of the main vectors for viruses on Windoze. It also helped that their e-mail systems were retrograde, and purloined from other companies, and they were never truly integrated into one smooth package.

OSX has the advantage of being able to borrow from Unix/Linux, and because the Core Libraries support many more formats, and unsupported formats have to be specifically installed by the OS, it has far fewer problems with small tidbits of code which may or may not be viral.

However, malware that downloads .app files are not viruses - they can not automatically execute, or even install without user intervention. And that is the crux - as the face of the Mac user has changed; from one of the professional or artist or creative mind who uses a small set of high quality tools for their work - to that of the generalist who grabs any piece of software, crummy or not. It is like bait, and the old school style Mac users would probably never run some random .app file sitting in their downloads - but the average Windoze convert, well, they'll pretty much listen to anything.

Using any Windoze program inevitably leads to having to download various gadgets to get things to work - and with that in mind, a convert who is not used to the more integrated approach of a Mac may unleash a trojan (that is otherwise harmless), and follow whatever instructions it may utter. Almost all methods shown to be able to affect OSX security have been because of something done to trick the user into doing the critical steps - steps that under Windoze are not only automatic, but can be done without the user doing anything at all.

Not that it is worth being paranoid about - but these types of malware attempts will become more prevalent, and even I have seen a number of them. (The most recent was the virus-like file (the Windmill Data trojan) that the Royal Bank sent me with an e-mail). More of a concern is the number of attempts to infect Macs through the use of Flash Web Sites, or through pop-unders that can lead an unsuspecting user astray when surfing the web...


----------



## MacDaddy (Jul 16, 2001)

EvanPitts said:


> Not that it is worth being paranoid about


If you're not paranoid, you're not doing enough to protect yourself 

I have seen our Mac Servers hacked twice (Once my fault for not patching a PHP vulnerability) once through a brute force attack and they installed a rootkit and IRC server on the system. Same could be done to a desktop system if one really wanted!


----------



## polywog (Aug 9, 2007)

MacDaddy said:


> Note to the rest on this thread *THE MAC IS NOT IMPENETRABLE*!!!! Harder? Yes, but stop think you are invincible!!!


No system with a human interface is invulnerable. The weakness is not the system itself, it's the inherent necessity of granting the end user a certain amount of trust. As long as people blindly install and run applications under the assumption that they're safe because "it's not windows*" there is a very real threat.

Even if the end user can't trash OS X easily, they most certainly can trash their home directory. Quite frankly, that's where all of my important stuff is...

*The underlying security in NT and above is quite a bit more powerful than UNIX and UNIX-like systems. The problem is the implementation, or at least was.


----------



## Guest (May 16, 2008)

polywog said:


> *The underlying security in NT and above is quite a bit more powerful than UNIX and UNIX like systems. The problem is the implementation, or at least was.


Not really. NT security is a bad knockoff of older unix based setups, but I can't argue that their implementation is poor.


----------



## krs (Mar 18, 2005)

I see a fair amount of speculation in this thread.
Has anyone even 'googled' sex18.app to see what it is/might be?

All that comes up on google is this very ehMac thread - nothing else.


----------

