Heads Up to Mac Users

05-04-2005, 10:24 PM
The last couple of days have seen a surge in reports of a Mac OS X trojan named Hacktool.Underhand. There is a real trojan by this name (info can be found at http://www.cowfight.com), but this story appears more interesting.

Those reporting infection have the following similarities:
- Run Norton Antivirus or Systemworks
- Have downloaded recent virus definitions (or have connected to the web and probably been unaware that their definitions were updated).
- Get a message from NAV to say that their system is infected with Hacktool.Underhand, and that it cannot be deleted.

NAV is 'finding' this trojan in the swapfiles and is trying to delete those swapfiles - Bad idea! Hence most of the infected are also reporting kernel panics and crashes.

At this time it *seems* to be that NAV is suffering from a false positive detection, rather than detecting the real presence of a trojan.

Those who uninstall NAV or delete the recent virus definitions appear to become symptom-free.

Unofficial word is that this behavior has been noted as a false positive by Symantec in customer service responses, and that the May 4 virus definitions correct this issue. As of writing, I do not believe that an official response has been published by Symantec.

More information can be found at http://discussions.info.apple.com/ by searching for 'hacktool', and at http://www.macintouch.com

Disclaimers: Note that I'm just relaying info that has been posted elsewhere, as I have no personal experience on this issue, and I do not use NAV myself. I am neither encouraging nor discouraging continued use of Symantec Norton Antivirus / Systemworks.

05-05-2005, 08:00 AM
OK, users are confirming that this was a NAV problem, and that the latest virus definitions fix the bug!