Even a consultant can get attacked

Three days ago, my MacBook started acting funny.  It appeared to be a keyboard problem, or, at least, that's how I was leaning.  I have been having trouble with the Caps-Lock key for a few months, so that was on my mind when the trouble began.

Here are the symptoms I experienced:
  • When I clicked on a drop-down menu (e.g., the Apple icon or File menu), the menu would disappear when I released the click or when I tried to drag through the menu to the item I wanted.
  • Any popup request, such as "do you really want to reboot the system" would immediately have its "Cancel" button pressed and the popup would go away.  I couldn't reboot, for goodness sake!  I had to shut down the system manually.
  • I couldn't boot into Safe Mode.
  • I couldn't use shortcuts.
  • When I tried to run the embedded scanner on my Mac, it would drop to the background and I couldn't get the foreground windows to minimize or the scanner window to maximize.  (Starting to sound a little fishy to me!)
  • In a list of items, such as my Inbox in Entourage, I couldn't select a contiguous list using the Shift key, nor could I use the Command key to select multiple, non-contiguous items.
  • When I tried to run Activity Monitor, I couldn't bring the main windows up, no matter what I did.  The application was running, but I couldn't see it.  This is the point where I started to think seriously about it being malware.

The good newses* are:

  1. I back up with Time Machine, so if it is really bad, I can get a new hard drive and reinstall everything.
  2. I have another Mac, so I can run the scan from the iMac but slave my MacBook to it as a hard drive.
  3. I have the special Firewire cable required to do the job.

Turns out, my MacBook was infected with the:

Javs/TrojanDownloader.OpenStream.W trojan

It's been removed from my Mac and all is well (or appears to be.  I will be checking my credit card charges more often for a while just to be sure.)

The two takeaways from this are:

  1. Macs CAN get infected these days.
  2. Malware CAN get by security software.
  3. ALWAYS, ALWAYS, ALWAYS back up your data!
  4. Even someone who takes great care can have their computer get infected.  No one is immune.

(There are three types of people in the world - those who can count and those who cannot.)

I don't know how the trojan got on my Mac, so I'll be watching the 'Net for more info.

I used the assistance of the expert computer folks who hang out at Experts-Exchange.com.  As often happens there, I am indebted to "strung" for helping solve the problem.  The thread can be found here (you may need to create an account to see it, but there are free accounts):

http://www.experts-exchange.com/Apple/Operating_Systems/Q_27488418.html?cid=239#a37272849

Check me out on FaceBook (www.facebook.com/PlaitSlolutions).  "Like" my company while there, please!

____________________________________________________

* - Yeah.  I know.  It just sounded like that ought to be the word to use.

Comments

  • 12/18/2011 9:44 AM Ivan3Man_At_Large wrote:
    I've been using computers – all three of them Windows-based machines – for over ten years now and I've never had any virus or serious malware issues, not even once; I think that is because I've always maintained very tight security on my computers – but then again, maybe I've just been lucky!

    Anyway, I'm seriously thinking of getting myself a cheap computer from eBay for the sole purpose of deliberately letting it get infected with a virus and/or malware just for some laughs – and also to get some useful experience in sorting out the problem of a corrupted computer!
    1. 12/22/2011 4:01 PM Sid Plait wrote:
      I had heard that people living on the underside of the planet are a bit daft, and now I know that at least one is!

      Ivan, you have knowledge that most people don't about how to care for your computing environment, as do I.  Yes, you've been lucky to some extent, but my guess is you are also careful.   I also guess you don't use Internet Explorer, you keep Windows, Adobe, and Java up to date, and perform other little tasks you likely don't even think about any more that add to your safety.

      I am also careful, but I have been invaded a couple of times over the years.  This one I still haven't researched, so I don't know how I got it.  I'll look at it this weekend and see what's out there about this bug.  I'll post when I find anything relevant.
