Navigation

Used Mac Dealers
Apple History
Video Cards
Email Lists

Favorite Sites

MacSurfer
MacMinute
MacInTouch
MyAppleMenu
InfoMac
Macs Only!
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac
   Museum
DealMac
DealsOnTheWeb
Mac2Sell
ramseeker
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End
   Mac FAQ
Abandonware
   Petition
Mac vs. PC Info

Affiliates

The Apple Store
Mac Connection
MacMall
TechRestore
ExperCom
Crucial Memory
batteries.com

Have a question?
Ask an expert!

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.

Problems viewing this page with Internet Explorer 5.5 or 6? It works fine in other browsers, including IE 7. We recommend Firefox for those using Windows, as it is standards based and more secure than IE 6 (and earlier). More LEM visitors use Firefox than any other browser.

Home / Editorial / The Lite Side

Switchback Virus Infects Macs, Nobody Notices

2003.08.13

It had to happen sooner or later. There's no glory in creating Windows worms any longer - and script kiddie can do it, and there are more holes in Windows than in a warehouse of Swiss cheese.

No, someone finally wrote the first new Mac virus in nearly a decade, the first one to specifically target OS X. Rumors lead us to believe the malware was written by a disgruntled Windows programmer at Microsoft who was sick to death of hearing how Macs never got infected with viruses, worms, Trojans, and the like.

Or maybe it was just some hapless IT guy upset because one of his clients switched from Windows to the Mac and no longer needs the kind of support they did with the OS from Redmond.

Or maybe it was someone at one of the antivirus companies upset that Mac users weren't buying enough copies of their antivirus software.

Whatever, the Switchback virus exists, and it's spreading like molasses in January.

Yep, that fast.

Switchback is one very clever virus, but it's having a hard time distributing itself, so most of the world doesn't even know it exists.

For a start, it can only infect Macs running OS X 1.2.5 or 1.2.6 (it's possible that 10.2.7 could be infected as well, although we haven't heard about infections from any G5 owners yet). So out of 25-30 million Mac users, maybe 7-8 million tops are using the right version of OS X.

Then they have to be using Safari 1.0 and visit a site displaying affiliate ads for XGeeks.com. Although these ads are presented as linking to a hot new mail order company specializing on OS X, that's just a cover. Their prices are just high enough to keep people from ordering, but the commission rate is enough to get every Mac webmaster interested enough to sign up for the program.

The ads aren't simple animated GIFs; they're JavaScript programs that install an AppleScript on the user's OS X Macintosh. When this AppleScript is run (it autoruns a few minutes after startup), it accesses your Address Book through Mail and sends itself to the first 100 users who have "mac" somewhere in their email address. The email offers recipients a 15% discount on their first order through XGeeks.com.

That's the clever part. They try to target just Mac users, and when they visit the XGeeks site, they get infected - assuming they're running the right version of OS X and Safari 1.0. And Switchback then propagates itself again, assuming the visitor has Mail configured on their computer.

Considering the size of the OS X installed base, the number of Safari 1.0 downloads, and the number of OS X users who use Mail rather than something else, we estimate that this virus could potentially infect 5,000 to 20,000 users. And it could take months to reach that level, since OS X users don't restart nearly as often as Windows or classic Mac OS users.

It's only a start, but this is the first OS X virus ever, so everyone should try to get their hands on a copy to see what makes it tick. The next X-virus might actually do something malicious. Consider Switchback a proof of concept that almost sorta works.

Of course, with the latest Window worm on the rampage, nobody but the Lite Side staff has even noticed Switchback.

And why is it called Switchback? Because when you read the source code, the first comment calls OS X users to give up their nonconformity and switch back to Microsoft Windows.

Recent Lite Sides

• You Might Be a Computer Geek If..., 06.17. 20 signs that you just might possibly be a computer geek.
• What if Apple thought like a PC company?, 11.01. Apple has innovated and blazed its own trail. But what if it had followed the path taken by the PC copycats?
• How Microsoft can turn Vista lemons into lemonade, 10.22. How Microsoft could profit by no longer allowing manufacturers to sell new PCs with Windows XP installed.
• iPods that never passed beta or focus groups, 09.13. "What most Apple fans don't realize is that there were a few iPod variants that never made it out of beta testing and the focus group stage."
• More in the The Lite Side index.

Links for the Day

• Mac of the Day: Clamshell iBook G3/300 MHz, Sep. 1999 - innovative, rugged, heavy, clamshell laptop introduced AirPort and was a huge hit.
• Group of the Day: G-Books is for G3 PowerBooks and iBooks.
  
• July 3 in LEM history: 00: Best sounding games - 01: Bumper snickers - Overheated IBM leads to air cooled iMac - 03: Panther: Pull the plug on the beige G3 - 1.1 GHz PowerPC 750GX - 08: Mac Portable started a notebook revolution
• Support Low End Mac

Recent Content on Low End Mac

• iPhone 3GS Overheating, Battery Life App, 240 GB Upgrade for 5G iPod, Total Baby App, and More, iNews Review, 07.02. Also low cost international calls, U-verse remote DVR control, Sync Blocker USB-to-Dock cable, Rocket Taxi improved, and more.
• MacBooks Top Amazon Sales, EFI 1.7 Problems, Pros and Cons of Built-in Batteries, and More, The 'Book Review, 07.02. Also make a bootable SD Card, Leopard on a 9" Dell netbook, MacBook Pro and Air reviews, triple WiFi range, bargain 'Books from $179 to $2,300, and more.
• Apple Tops in Satisfaction Again, Slim Profits on Mac mini, Ultimate Photo Setup, and More, Mac News Review, 07.02. Also tips for cloning hard drives and moving files from old Macs, Clickfree Transformer turns USB drive into a backup drive, maximum Mac Pro RAM, and more.
• Refurb MacBook Pro Deal, Fastest Mac Browser, 256 MB Modules for WallStreet, and More, Charles W. Moore, Miscellaneous Ramblings, 07.01. Also more Safari 4 feedback, praise for Camino, MacBook cracks, looking for Craigslist software for Macs, and more.
• Amazon.com v. Interstate Sales Tax: Everyone Loses, Dan Knight, Mac Musings, 07.01. Amazon.com is standing up to states that are trying to have it collect sales tax on interstate commerce, which most see as a violation of federal law.
• Introduction to Autofs in Mac OS X, Keith Winston, Linux to Mac, 07.01. "Autofs is often used in enterprise environments to set up network-based home directories and other network mounts for users at login."
• Optimized Software Builds Bring Out the Best in Your Mac, Dan Knight, Online Tech Journal, 06.30. Applications compiled for your Mac's CPU can load more quickly and run faster than ones compiled for universal use.
• Checking Out Safari 4 on an Old PowerBook, Charles W. Moore, 'Book Value, 06.30. Safari 4 is the fastest it's ever been, but it's not without some frustrating drawbacks.
• Intel's Promise Fulfilled: More Processing Power per Processor Cycle, Dan Knight, Mac Musings, 06.30. Apple promised improved CPU efficiencies when it announced the move to Intel in 2005. Three years of MacBooks show the progress.
• Is Steve Jobs' Health Essential to Apple's Future?, Frank Fox, Stop the Noiz, 06.30. Steve Jobs' health is an important thing, but Apple has demonstrated that it can be profitable without him.
• More links in our archive.

Recent Deals

• Best Mac Pro Deals, 07.02. Used 3 GHz 4-core, $2,000; 3.2 8-core, $2,900; refurb 2.8 8-core, $2,399; new 2.66 4-core, $2,290 a/r; 2.26 8-core, $3,070 a/r; 2.66, $4,499; more.
• Best Mac OS X 10.4 'Tiger' Deals, 07.02. Full version DVD, $140; 5 user family pack, $370; 10-user Server, $299.
• Best 17" PowerBook G4 Deals, 07.02. Used 17" 1 GHz PowerBook, $689; 1.67 GHz, $749; hi-res, $1,029.
• Best Xserve Deals, 07.02. Used 2 GHz single G5, $800; dual, $1,000; refurb 2.8 GHz 4-core Xeon, $2,100; new 2.26 4-core Nehalem, $2,888; 8-core, $3,449; 2.66, $4,799; 2.93, $5,999.
• Best iPod touch Deals, 07.01. Refurb 2G/8 GB, $179; 16 GB, $259; iG/32 GB, $279; new 2G/8 GB, $215; 1G 16 GB, $210; 2G, $275; 2G/32 GB, $369. Prices include shipping.
• Best 13" MacBook & MacBook Pro Deals, 07.01. Used 1.83 GHz, $595; 2.0, $629; new 2.0, $889; 2.13, $925 after rebate; refurb 2.0 Unibody, $949; 2.4, $1,099; new 2.26 MBP, $1,119 a/r; more.
• Best 12" PowerBook G4 Deals, 07.01. Used 867 MHz Combo, $400; 1.33 GHz, $448; 1.5 GHz, $599; 1 GHz SuperDrive, $509; 1.33 GHz, $599; 1.5 GHz SD, $679.
• Best Apple TV Deals, 07.01. Refurb 40 GB Apple TV, $199; new, $220; refurb 160 GB, $279; new, $320. Prices include ground shipping.
• Best G4 iBook Deals, 06.29. Used 12" 800 MHz Combo, $290; 1 GHz CD, $299; Combo, $370; 1.33 GHz, $428; 14" 1 GHz Combo, $399; 1.2, $465; 1.42 GHz, $500.
• Best Power Mac G3 and PCI Video Card Deals, 06.29. Used beige 300 MHz, $25; G4/366, $39; blue & white 350, $80; 400, $90; 450, $105; PCI video cards from $15; shipping additional.
• Best Mac OS X 10.0-10.3 Deals, 06.29. Mac OS X 10.0, $30; 10.1, $20; 10.2, $60; 10.3, $50; 10.3 Server, unlimited users, $130.
• Best Time Capsule and AirPort Deals, 06.29. Close-out 500 GB Time Capsule, $199; 1 TB, $350; AirPort Extreme Base Station, $130; refurb AirPort Express, $85.
• More deals in our archive.

<go to the Lite Side index>

Entire Low End Mac website copyright ©1997-2009 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.