Have a question?
Ask an expert!

Navigation

Used Mac Dealers
Apple History
Best Used Macs
Video Cards
Email Lists
InfoMac's Low
End Mac Forum

Favorite Sites

MacSurfer
MacMinute
MacInTouch
MyAppleMenu
InfoMac
Macs Only!
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac
   Museum
DealMac
DealsOnTheWeb
Mac2Sell
ramseeker
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End
   Mac FAQ
Abandonware
   Petition
Mac vs. PC Info

Affiliates

The Apple Store
Mac Connection
MacMall
TechRestore
MacResQ
ExperCom
Crucial Memory
batteries.com

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.

Problems viewing this page with Internet Explorer 5.5 or 6? It works fine in other browsers, including IE 7. We recommend Firefox for those using Windows, as it is standards based and more secure than IE 6 (and earlier). More LEM visitors use Firefox than any other browser.

Home / Editorial / The Lite Side

Switchback Virus Infects Macs, Nobody Notices

2003.08.13

It had to happen sooner or later. There's no glory in creating Windows worms any longer - and script kiddie can do it, and there are more holes in Windows than in a warehouse of Swiss cheese.

No, someone finally wrote the first new Mac virus in nearly a decade, the first one to specifically target OS X. Rumors lead us to believe the malware was written by a disgruntled Windows programmer at Microsoft who was sick to death of hearing how Macs never got infected with viruses, worms, Trojans, and the like.

Or maybe it was just some hapless IT guy upset because one of his clients switched from Windows to the Mac and no longer needs the kind of support they did with the OS from Redmond.

Or maybe it was someone at one of the antivirus companies upset that Mac users weren't buying enough copies of their antivirus software.

Whatever, the Switchback virus exists, and it's spreading like molasses in January.

Yep, that fast.

Switchback is one very clever virus, but it's having a hard time distributing itself, so most of the world doesn't even know it exists.

For a start, it can only infect Macs running OS X 1.2.5 or 1.2.6 (it's possible that 10.2.7 could be infected as well, although we haven't heard about infections from any G5 owners yet). So out of 25-30 million Mac users, maybe 7-8 million tops are using the right version of OS X.

Then they have to be using Safari 1.0 and visit a site displaying affiliate ads for XGeeks.com. Although these ads are presented as linking to a hot new mail order company specializing on OS X, that's just a cover. Their prices are just high enough to keep people from ordering, but the commission rate is enough to get every Mac webmaster interested enough to sign up for the program.

The ads aren't simple animated GIFs; they're JavaScript programs that install an AppleScript on the user's OS X Macintosh. When this AppleScript is run (it autoruns a few minutes after startup), it accesses your Address Book through Mail and sends itself to the first 100 users who have "mac" somewhere in their email address. The email offers recipients a 15% discount on their first order through XGeeks.com.

That's the clever part. They try to target just Mac users, and when they visit the XGeeks site, they get infected - assuming they're running the right version of OS X and Safari 1.0. And Switchback then propagates itself again, assuming the visitor has Mail configured on their computer.

Considering the size of the OS X installed base, the number of Safari 1.0 downloads, and the number of OS X users who use Mail rather than something else, we estimate that this virus could potentially infect 5,000 to 20,000 users. And it could take months to reach that level, since OS X users don't restart nearly as often as Windows or classic Mac OS users.

It's only a start, but this is the first OS X virus ever, so everyone should try to get their hands on a copy to see what makes it tick. The next X-virus might actually do something malicious. Consider Switchback a proof of concept that almost sorta works.

Of course, with the latest Window worm on the rampage, nobody but the Lite Side staff has even noticed Switchback.

And why is it called Switchback? Because when you read the source code, the first comment calls OS X users to give up their nonconformity and switch back to Microsoft Windows.

Recent Lite Sides

• What if Apple thought like a PC company?, 11.01. Apple has innovated and blazed its own trail. But what if it had followed the path taken by the PC copycats?
• How Microsoft can turn Vista lemons into lemonade, 10.22. How Microsoft could profit by no longer allowing manufacturers to sell new PCs with Windows XP installed.
• iPods that never passed beta or focus groups, 09.13. "What most Apple fans don't realize is that there were a few iPod variants that never made it out of beta testing and the focus group stage."
• Pigs fly, snow in Death Valley, and Dvorak uses a Mac, 08.03. What has the world come to when John Dvorak, founding member of the Axis of Macevil, walks into the temple of All Things Macintosh?
• More in the The Lite Side index.

Links for the Day

• Mac of the Day: 'Yikes!' Power Mac G4, Aug. 1999 - The only Power Mac G4 with PCI graphics was built on a modified G3 motherboard.
• Group of the Day: SuperMacs is for those using Umax SuperMac clones.
  
• November 21 in LEM history: 00: OS upgrades, downgrades - AltiVec vs. Pentium III - 01: Saved by the clones - Computer of the future - 02: Apple Education: Let's get to it - 03: Panther lets Macs and PCs work together, - Lombard SCSI bug - 05: 3 survivors from the 1970s - Real world battery life inadequate - Windows to Mac file transfer with Zip disks - $99 alternative to Microsoft Office - 06: Parallels 1.0 far more polished than beta

Recent Content on Low End Mac

• The Long Term Value of a High End Mac, Andrew J Fishkin, Best Tools for the Job, 11.21. Low-end Macs are more affordable up front, but the flexibility and upgrade options of a top-end Mac can make it the better value in the long run.
• iPhone #1 Worldwide, Google Voice Search for iPhone, iPhone 3G Battery Pack, and More, iNews Review, 11.21. Also British accents throw off Google voice search, lots of new iPhone apps, universal USB car charger, new protective cases, and more.
• DisplayPort Copy Protection, Trackpad Update, Netbooks Not to Be Taken Lightly, and More, The 'Book Review, 11.21. Also Apple set for record sales, 4-finger gestures on original MacBook Air, MacBook Apple's best consumer notebook to date, Cricket laptop stand, bargain 'Books from $490 to $2,299, and more.
• 15 Reasons Macs Are Better, Quad-core iMac in January?, USB 3.0 Spec Finalized, and More, Mac News Review, 11.21. Also 25 years of Macs, 'Snow Leopard' in Q1?, SimpleTech's faster and greener hard drive, Hyperspaces, StarOffice for OS X, and more.
• Virtualization Shootout: VMWare Fusion 2 vs. Parallels Desktop 4, Kev Kitchens, Kitchens Sync, 11.20. Both programs do the same thing, but one runs Windows XP smoothly alongside Mac apps, while the other bogs down everything but Windows.
• Just Right: Papa Bear, Mama Bear, and Baby Bear MacBooks, Charles W. Moore, 'Book Value, 11.20. Some people like small and light notebooks, others prefer huge desktop replacements, but the best value tends to be in the middle.
• Apple Caves to Hollywood with DRM on iTunes Videos, Frank Fox, Stop the Noiz, 11.20. HDCP on the new MacBooks means that you may never really own those videos you buy from the iTunes Store.
• Leopard Runs Very Nicely on PowerPC Macs, Simon Royal, Mac Spectrum, 11.19. Some claim that Mac OS X 10.5 is so optimized for Intel Macs that it runs poorly on PowerPC hardware. That's simply not the case.
• No High Definition iTunes Video for You, Dan Knight, Mac Musings, 11.19. The October 2008 MacBooks are preventing users from viewing some high-def iTunes content from being viewed on their external displays. Poor form!
• Every Working Computer Is Useful to Someone, Allison Payne, The Budget Mac, 11.19. Whether it's a PowerBook 1400, G3 iMac, or Power Mac G4, it could be all the computer someone needs.
• 3 WeatherBug Options for Apple Users, Charles W. Moore, Miscellaneous Ramblings, 11.19. Have instant access to current local weather conditions with a Dashboard widget, iPhone app, or Firefox plugin.
• More links in our archive.

Recent Deals

• Best Power Mac G4 and AGP Video Card Deals, 11.20. Used 400 MHz, $50; 733, $100; 800, $199; 1.25 GHz, $300; 800 MHz dual, $200, 867, $300; 1 GHz, $350; 1.42, $400.
• Best iBook G3 Deals, 11.20. Used 300 MHz clamshell, $150; 366, $199; 800 CD, $180; 600 CD-RW, $240; 700 Combo, $290; 900, $369; 14" 600, $360; 900, $449.
• Best Power Mac G3 and PCI Video Card Deals, 11.20. Used beige 300 MHz, $25; blue & white 350, $80; 400, $90; 450, $105; PCI video cards from $15; shipping additional.
• Best iMac G4 Deals, 11.18. Used 15" 700 MHz Combo, $243; 800 MHz, $280; 1 GHz, $380; 17" 1.25 GHz SuperDrive, $400; 20", $549.
• Best MacBook Air Deals, 11.18. New 1.6 80, $1,150 after rebate; 120, $1,744 a/r; 1.8 80, $1,794 a/r; 1.6 128 SSD, $2,150; used 1.8 64 SSD, $1,500; new, $2,200 a/r; 1.86, $2,398 a/r.
• Best Mac OS X 10.0-10.3 Deals, 11.18. Mac OS X 10.0.3, $30; 10.1, $20; 10.2, $60; 10.3 CD, DVD, $100; CD, $119; 10.1 Server, unlimited users, $58; 10.3 Server, unlimited, $150.
• Best iPod nano Deals, 11.17. Refurb 3G/4 GB, $79; new, $114; refurb 8 GB, $99; new, $125; 3G/8 GB, from $134; 16 GB, from $189. Prices include ground shipping.
• Best Titanium PowerBook G4 Deals, 11.17. Used 1 GHz with SuperDrive, $478 plus shipping.
• Best Xserve deals, 11.17. Used G4/1 GHz, $999; G5/2 GHz, $1,288; new 2.0 4-core Xeon, $1,900; refurb 3.0 4-core, $2,599; 2.8 GHz, $2,499; 3.0 8-core, $3,499.
• More deals in our archive.

<go to the Lite Side index>

Entire Low End Mac website copyright ©1997-2008 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.