It’s a common belief that Macs are safer than PCs because most computer viruses are designed to attack Windows machines and not Macs.
Recent high-profile Mac-targeted viruses like MacDefender and Flashback suggest that any remaining grain of truth to that long-held idea may be vanishing. Although Macs haven’t been the focal point for attacks over the years, they haven’t been completely immune to malware, either.
Here are 10 examples of Mac malware over the years:
- Elk Cloner, 1982: This innocuous creation of high school student Richard Skrenta infected 5.25” floppy disk boot sectors, flashing a hokey poem on-screen every 50th boot. Though that was the extent of its damage, Elk Cloner is thought to be the first widespread, self-replicating Apple virus, paving the way for future malware with far worse intentions.
- nVIR, 1987: The nVIR virus was initially spread via a floppy disk before its source code was made widely available for others to deploy. It caused application crashes, printing errors and could slow down systems or even crash them altogether. Some claimed it also caused periodic beeping during startups and would even tell users “Don’t panic.”
- MDEF, 1990: Also known as Garfield, this virus infected a wide array of Mac models and while it didn’t intentionally cause damage it still crashed systems and damaged files.
- Concept/Laroux, 1995-1996: These two groundbreakers marked the dawn of viruses written into widely used software applications. W.M. Concept shipped in 1995 with Microsoft Word for Mac CD ROMs, though all it did was display a ‘1’ message on infected machines. Laroux popped up in Microsoft Excel around the same time, though it didn’t hit Macs until the release of Excel 98. Like Concept, Laroux was largely innocuous – it merely appended a macro sheet titled ‘laroux’ to users’ workbooks.
- SevenDust 666/AutoStart 9805: Here’s where it got bad. SevenDust popped up just before Halloween of ’98; it would remove all files from an infected system’s hard drive, leaving in its wake a file titled ‘666’ in the Extensions folder. AutoStart was one of the first-ever Mac worms – programs that can copy themselves from machine to machine – and it did its dirty work by exploiting a bug in QuickTime 2.0 to overwrite data files on infected systems, spreading to other systems via floppy disk, recordable CDs, hard disks and disk image files.
- Renepo/Leap-A, 2004 and 2006: Renepo showed up in 2004 as a virus that spread through direct connections between Macs, not the Internet. It disabled Mac OS X firewalls and security settings while also installing tools for password-sniffing and making vital system directories world-writeable without being detected. Leap-A was more insidious, spreading through the iChat application. It disguised itself as an image file, then would infiltrate victims’ contact lists and other components critical to OS X.
- RSPlug-A, 2007: This nasty bit of malware disguised itself as a video codec on sites with pornographic material. Once downloaded, it altered a machine’s DNS settings so that users’ web browsers would be hijacked and redirected to phishing sites or sites advertising other pornographic material. The various versions of RSPlug all stemmed from DNSChanger malware, a prominent target in the FBI’s successful 2011 takedown, Operation Ghost Click.
- iWorkS-A Trojan, 2009: This Trojan virus worked its way into the popular iWork application, and the problem may have been exacerbated by users who pirated copies of the Mac program. Once installed and activated, the Trojan communicated with a remote server to search for data, track Internet browsing history and log keystrokes.
- MacDefender, 2011: This Mac-targeted scareware is old hat for many PC users. The scam worked by using pop-ups to alert users to supposed infections on their system, at which point they were urged to immediately download an antivirus suite or update to remove the threat. Of course the threat it warned of wasn’t real – the danger was in that supposed antivirus solution. The endgame for MacDefender was to steal credit card information.
- Flashback/SabPub, 2012: These two malicious programs exploit Java vulnerabilities and were created by authors who control a massive network of over a half million infected machines. This is the strongest evidence yet that the days of Apple’s supposed invulnerability to viruses are over.