my mac is port scanning?!?

Joined
May 24, 2007
Messages
2
Reaction score
0
Points
1
Since this Tuesday at the office (we're all running macs) the internet keeps going down.
I called the ISP, they told me that one of the machines looks like it has a virus running, one of them is port scanning- and that overflowed the router and froze it.
Turns out my personal MacBook Pro matches the IP address he gave me for the port scanning machine. I was FTP'd into a server and downloading a website for backup.
He said something like ports 4400- 58,000 were being scanned sequentially and that made it seemed like there was a virus on the computer, I was shocked- and told him that we were all on macs. Perhaps the FTP client (called "fetch") failed to connect to one port and tried another and another ect. But, the tech guy also said that it wasn't on FTP protocol.
Today I've been working on securing my machine. I stopped using the Wi-fi, turned on my firewall ( I know, bad idea to not have it on ) and installed ClamXav and Little Snitch.

Perhaps I have some kind of malware? Whats going on here?
Help!
 
Joined
Mar 11, 2004
Messages
1,964
Reaction score
174
Points
63
If your Mac has a virus, phone The New York Times and tell David Pogue. It'll be the scoop of the relatively short millennium.

Clam won't do you any good. Its author acknowledges that it has no Mac-anti-virus-specific code.
 
Joined
Mar 11, 2004
Messages
1,964
Reaction score
174
Points
63
I've been trying to find the story I had read about Clam not having any OS X virus code in its database, and finally found it and other interesting information on it.

Clam's author:
ClamAV indeed does not contain definitions for Mac OS 9 (or earlier) viruses, which would not affect a Mac OS X only installation. It does however contain definitions for viruses of other platforms (preventing a Mac user from passing a virus along onto a network or allowing him to detect potential outbreaks) as well as cross-platform viruses or malicious applications that, while not specifically targeted at the Mac, could affect it — think some Java applets, for example.
Thls Clam forum thread discusses the app not including even pre-OS X virus recognition, SevenDust in this instance.

This one on an O'Reilly Network page:
If a Mac OS X virus or worm appears in the wild, it would need to be added by the ClamAV developers to the database. While there cannot be any guarantee that it will be (much like with any other anti-virus application) everything seems to indicate it will.
I also came came across this security-vulnerability warning on the Apple site. Make sure Clam is up to date.
Description: An issue in ClamAV's automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning, and automatic virus database updates are off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X v10.4.
 
OP
J
Joined
May 24, 2007
Messages
2
Reaction score
0
Points
1
ok, yeah I'm sure I don't have a virus its probally some type of error- maybe the router itself is buggy
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top