Low End Mac Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com

OWC: We Make DIY Upgrading Easy! Maximize your Apple MacBook / MacBook Pro. Up to 8.0GB Memory, up to 1.0TB HD & More. Easy Guide + Free, Detailed Installation Videos. Click here

Don't install Parallels to play poker online! Poker Mac will show you how to download and install a native Mac poker application such as Full Tilt Poker Mac.

Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Compare products like desktop computers, apple laptops, apple macs, and LCD Monitors side by side! All the information and reviews to make the best purchasing decision for new mobile phones, sat nav systems, or MP3 players. The Ciao online shopping community makes searching products easy for you.

The Lite Side

Switchback Virus Infects Macs, Nobody Notices

- 2003.08.13

It had to happen sooner or later. There's no glory in creating Windows worms any longer - and script kiddie can do it, and there are more holes in Windows than in a warehouse of Swiss cheese.

No, someone finally wrote the first new Mac virus in nearly a decade, the first one to specifically target OS X. Rumors lead us to believe the malware was written by a disgruntled Windows programmer at Microsoft who was sick to death of hearing how Macs never got infected with viruses, worms, Trojans, and the like.

Or maybe it was just some hapless IT guy upset because one of his clients switched from Windows to the Mac and no longer needs the kind of support they did with the OS from Redmond.

Or maybe it was someone at one of the antivirus companies upset that Mac users weren't buying enough copies of their antivirus software.

Whatever, the Switchback virus exists, and it's spreading like molasses in January.

Yep, that fast.

Switchback is one very clever virus, but it's having a hard time distributing itself, so most of the world doesn't even know it exists.

For a start, it can only infect Macs running OS X 1.2.5 or 1.2.6 (it's possible that 10.2.7 could be infected as well, although we haven't heard about infections from any G5 owners yet). So out of 25-30 million Mac users, maybe 7-8 million tops are using the right version of OS X.

Then they have to be using Safari 1.0 and visit a site displaying affiliate ads for XGeeks.com. Although these ads are presented as linking to a hot new mail order company specializing on OS X, that's just a cover. Their prices are just high enough to keep people from ordering, but the commission rate is enough to get every Mac webmaster interested enough to sign up for the program.

The ads aren't simple animated GIFs; they're JavaScript programs that install an AppleScript on the user's OS X Macintosh. When this AppleScript is run (it autoruns a few minutes after startup), it accesses your Address Book through Mail and sends itself to the first 100 users who have "mac" somewhere in their email address. The email offers recipients a 15% discount on their first order through XGeeks.com.

That's the clever part. They try to target just Mac users, and when they visit the XGeeks site, they get infected - assuming they're running the right version of OS X and Safari 1.0. And Switchback then propagates itself again, assuming the visitor has Mail configured on their computer.

Considering the size of the OS X installed base, the number of Safari 1.0 downloads, and the number of OS X users who use Mail rather than something else, we estimate that this virus could potentially infect 5,000 to 20,000 users. And it could take months to reach that level, since OS X users don't restart nearly as often as Windows or classic Mac OS users.

It's only a start, but this is the first OS X virus ever, so everyone should try to get their hands on a copy to see what makes it tick. The next X-virus might actually do something malicious. Consider Switchback a proof of concept that almost sorta works.

Of course, with the latest Window worm on the rampage, nobody but the Lite Side staff has even noticed Switchback.

And why is it called Switchback? Because when you read the source code, the first comment calls OS X users to give up their nonconformity and switch back to Microsoft Windows.

Recent Lite Sides

You Might Be a Computer Geek If..., 06.17. 20 signs that you just might possibly be a computer geek.
What if Apple thought like a PC company?, 11.01. Apple has innovated and blazed its own trail. But what if it had followed the path taken by the PC copycats?
How Microsoft can turn Vista lemons into lemonade, 10.22. How Microsoft could profit by no longer allowing manufacturers to sell new PCs with Windows XP installed.
iPods that never passed beta or focus groups, 09.13. "What most Apple fans don't realize is that there were a few iPod variants that never made it out of beta testing and the focus group stage."
More in the The Lite Side index.

Links for the Day

Mac of the Day: 17" iMac G4/800 MHz, July 2002 - The iMac 'grows up' with a 17" 1440 x 900 display.
Group of the Day: LisaList supports Lisa users.
November 8 in LEM history: 99: OS 9: I think I like it - 01: The simplified Mac life - Soured on Windows - Flea market Mac - 02: Little room for improvement in new 'Books - Combo drive upgrade for iceBooks - 04: Re-Porter - 05: Fix the old iMac or buy a Mac mini? - Apple's Copland project - 06: MacBook Core 2 - MacBook value equation - Cheap is as cheap does - 07: Problems with Classic mode in Tiger - The G4 Power Mac that won't run Leopard
Support Low End Mac

Recent Deals

Best Mac Pro Deals, 11.03. Used 2.66 GHz 4-core, $1,300; 3.0 8-core. $2,299; refurb 2.66 4-core Nehalem, $2,149; 2.93, $2,549; 2.26 8-core, $2,799; 2.93, $4,999.
Best iPhone Deals, 11.03. New 8 GB iPhone 3G, $$99; refurb 16 GB 3GS, $149; new, $199; 32 GB, $299.
Best 12" PowerBook G4 Deals, 11.03. Used 867 MHz SperDrive, $348; 1 GHz, $499; 1.33 Combo, $298; SD, $559; 1.5 Combo, $448; SuperDrive, $589.
Best Power Mac G3 and PCI Video Card Deals, 11.02. Used beige 300 MHz, $25; G4/366, $49; blue & white 350, $80; 400, $90; 450, $105; PCI video cards from $15; shipping additional.
Best Power Mac G4 and AGP Video Card Deals, 11.02. Used 400 MHz, $50; 733 MHz, $69; 933 MHz, $209; 1.25 GHz dual, $299.
Best 15" MacBook Pro Deals, 11.02. Used 2.0 GHz, $800; 2.2, $900; 2.4, $1,000; refurb 2.53, $1,449; 2.66, $1,699; 2.8, $1,949; 3.06, $2,169; new 2.53, $1,579; 2.66, $1,799; more.
Best Mac mini Deals, 10.30. Used 1.33 GHz G4 mini, $379; 1.42, $389; 1.5, $419; 1.83 GHz Core Duo, $350; Core 2, $439; new 2.26 GHz nVidia, $580; 2.53 GHz, $770; Server, $990.
Best G4 iBook Deals, 10.30. Used 12" 1.07 GHz Combo, $225; 1.33 GHz, $298; 14" 1 GHz, $349; 1.33 GHz, $398; 1.42 GHz SuperDrive, $498.
Best Classic Mac OS Deals, 10.30. System 6.0.8 floppies, $10; 7.1, $12; 7.5, $20; 7.5 CD, $4; 7.6 $13; 8.1, $11; 8.5, $20; 8.6, $90; 9.0, $20; 9.2.2, $30.
More deals in our archive.

About LEM | Support | Usage | Privacy | Contacts

Entire Low End Mac website copyright ©1997-2009 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
Access our RSS news feed at http://lowendmac.com/feed.xml.
Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.