Virus: OSX.MachArena.A virus (aka OSX.Macarena) Discovered: November 2, 2006
Risk: Very low

Description: This proof-of-concept virus, which has not yet been seen
in the wild, was published on a hacker Web site. The virus can only
infect Intel-based OS X computers. It consists of a C source file, an
Assembler ‘dropper’ file, and documentation that explains how to
create a virus that can infect Macintosh OS X binary files. Compiling
the source code creates two binaries, the OS X virus file itself, and
the dropper. The dropper is intended to infect Mac OS X binary files
from a Windows installation on the current machine. This can be
either via Apple’s Boot Camp, or via a virtualization application
such as Parallels Desktop for Mac. The virus only infects mach-o
binary files, not Universal or PowerPC binaries. Mach-o (Mach object
file format) is the native file format used for executables by Mac OS
X’s Mach kernel. The virus does not carry a payload. When run it
infects other executables in the current directory, regardless of
their name or extension.

Means of protection: Intego VirusBarrier X and VirusBarrier X4
(, with virus definitions dated
November 3, 2006 or later, protect against this virus. VirusBarrierX
recognizes the virus and the dropper file under the names
OSX.MachArena.A and OSX.MachArena.Dropper.A.