03 November 2006, 13:50

Macarena: once again no more than a demo virus for Mac OS X

Symantec has been predicting for quite a while now that virus authors would increasingly dedicate their attention to the Mac platform and that Macs were becoming a tempting target for hackers. However, a newly discovered Mac OSX virus is hardly the firewall breach that the antivirus software makers have been prophesising.

The malware, dubbed "Macarena" in tribute either to the summer music hit of 1996 or to the game Quake Arena, has a certain proof-of-concept character to it, Symantec reports. What exactly that means is not cogently explained in Symantec's virus description. The virus nevertheless infects other data in the folder in which it is started, regardless of extension. It appears not to possess an internal processing routine of its own. It may require the aid of the user to spread it by sending it out by mail or passing it via removable storage media.

The distribution of the 528 Byte bug is low; while Symantec does not provide an estimate, somewhere between zero and 49 infections are believed to have been reported. It is also unclear where it came from. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). This passage was removed in an updated version.

Back in the middle of the year, McAfee diagnosed a strong rise in vulnerabilities in Mac OS X. While it is true that none of the bugs for Mac OS X had managed to achieve wide dissemination, this has typically reflected programming errors by the virus authors and the still-minor market share of the OS. Exploit code for the Mac is easy to find on the internet, the security vendor claims, which makes it likely that Mac OS X will soon be faced with the same plagues as Windows: botnets, spyware, spam and DDoS attacks. For their part, Mac partisans note that they are still waiting for the first hard proof.

Please see also: