Are Macintoshes affected by mass-mailing viruses or worms?
Situation:
You were told or you suspect that your Macintosh is infected with a mass-mailing virus, such as Sobig, Klez, Bugbear, Aliz, Goner, Badtrans, Sircam or Nimda.
Solution:
To date, there is only one known mass-mailing worm that can infect the Macintosh. This worm, known as Mac.Simpsons@mm, is an AppleScript worm that can infect a Macintosh running Mac OS 8 - 9 and cannot infect Mac OS X. Norton AntiVirus for Macintosh versions 5 through 9, with virus definitions dated July 2001 or later, can detect this worm.
Some Windows-specific mass-mailing email worms exploit a vulnerability in the Windows versions of Microsoft Outlook and Outlook Express. The Macintosh versions of Microsoft Outlook Express and Entourage do not have this vulnerability.
Because a worm or virus can be email based, a Macintosh user could pass it on by manually forwarding an infected email to a Windows user. If you receive an email that is infected with, or carrying, a worm or virus, delete the email and do not forward or reply to it. Deleting an infected email removes the virus from your computer. If you open this email or choose not to delete it, nothing will happen. It is best to delete the email, because there is no reason to keep it. The only way you can infect a PC with the virus or worm is by forwarding an infected email to a person using a PC. The virus or worm cannot do anything on the Macintosh operating system because it will only work on a PC using a Microsoft Windows operating system.
Note: If you have software such as Virtual PC, SoftWindows or SoftPC, which emulates a Windows environment on your Macintosh, your virtual Windows operating system (OS) can become infected with PC viruses or worms. To protect this type of environment, you must have virus protection installed in your virtual Windows OS, such as Norton AntiVirus for Windows. If you decide to protect your virtual Windows environment with Norton AntiVirus for Windows, please note that Symantec does not support its software when it is installed in emulation environments.
Email spoofing
Mass-mailing worms often use a technique called "spoofing." When a mass-mailing worm performs its email routine, it randomly selects an email address from somewhere on the infected computer. It then uses that random email address in the From field, and emails an infected email to other email addresses it finds on the infected computer. There have been many cases reported to Symantec where users of Macintosh computers receive complaints that they sent an infected message to someone. Because the mass-mailing worm does not use the email address of the infected computer in the email it sends, there is no way to know where the infected email came from.
Example of email spoofing
Linda has a Windows-based computer infected with a mass-mailing worm. The mass-mailing worm creates a new email and searches Linda's computer for email addresses. The worm finds email addresses for Harold and Janet on Linda's computer and then inserts Harold's email address into the "From" field of the message, and Janet's email address into the "To" field. The worm then attaches itself to the email message and sends it to Janet. When Janet receives the message, her antivirus software tells her the message is infected with a virus. Janet contacts Harold, because his email address is in the "From" field, and complains that he sent her an infected message. When Harold scans his Macintosh with his antivirus software, no virus is detected. This is because his Macintosh does not have the virus, and he did not send the message to Janet. There is no way for Janet to know that the virus came from Linda's computer.
You may receive a message that appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you may receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send an email and the attempt failed. This type of message may also be generated through email "spoofing."
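One way to check such a bounce, as an added example that is not part of the original Symantec document: the Python sketch below reads the headers of the message the bounce claims failed and compares its Message-ID against the messages you really sent. The sample bounce is constructed, and `sent_message_ids` is a hypothetical, complete log of Message-IDs from your own outgoing mail.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed bounce, modelled on the postmaster@anyplace.com case above.
SAMPLE_BOUNCE = b"""\
From: postmaster@anyplace.com
To: jsmith@anyplace.com
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; janet@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: jsmith@anyplace.com
To: janet@example.org
Message-ID: <constructed-0001@pc.example.net>

--b1--
"""

def quoted_original(bounce):
    """Headers of the message the bounce says failed, or None if not quoted."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the original headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage_bounce(raw, my_address, sent_message_ids):
    """Classify a bounce; sent_message_ids is a hypothetical log of mail you sent."""
    orig = quoted_original(email.message_from_bytes(raw, policy=policy.default))
    if orig is None:
        return "no-original-quoted"
    if (orig["Message-ID"] or "").strip() in sent_message_ids:
        return "sent-by-you"                 # the failed message really was yours
    if parseaddr(orig["From"] or "")[1].lower() == my_address.lower():
        return "spoofed-sender"              # your address, but not in your sent log
    return "not-addressed-as-you"
```

A "spoofed-sender" result matches the situation described above: your address appears in the From field of a message that your own computer never sent.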
References:
Below are links to documents about specific worms/viruses that infect Windows-based computers and cannot infect or harm a Macintosh.
Are Macintoshes affected by the Klez virus?
Are Macintoshes affected by the Sobig worm?
Are Macintoshes affected by the W32.Opaserv.worm or W32.Bugbear@mm viruses?
Are Macintoshes affected by the Goner, Badtrans or Aliz viruses?
Are Macintoshes affected by the SirCam virus?
Are Macintoshes affected by the Nimda virus?
Document ID: 2003082109055811
Last Modified: 03/12/2004
Date Created: 08/21/2003
Operating System(s): Mac OS 8.1 - 9.x, Mac OS X v10.1.x, Mac OS X v10.2.x, Mac OS X v10.0.x
Product(s): MAC - Department, Norton AntiVirus 5.0 - Mac, Norton AntiVirus 6.0 - Mac, Norton AntiVirus 7.0 - Mac, Norton AntiVirus 8.0 - Mac, Norton AntiVirus 9.0 - Mac