An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Silver Sparrow Virus
#58043 02/22/21 08:18 PM
OP Online

Joined: Oct 2020
Just saw this earlier:

https://www.macworld.com/article/36...-sparrow-virus-and-no-one-knows-why.html

I downloaded and ran the latest version of Malwarebytes, and nothing was found. Last week I ran ClamXAV, and again, nothing was found.

Re: Silver Sparrow Virus
MartyByrde #58045 02/22/21 10:36 PM
Joined: Aug 2009
Likes: 2
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 2
As a MalwareBytes Premium user (which automatically updates and scans every hour or so) your post raised my curiosity and searched MalwareBytes threats and ClamXV for silver sparrow and neither currently identifies silver sparrow in its Mac threat list. Therefore it is not unreasonable to conclude they likely have no signature for silver sparrow yet, and without the silver sparrow signature neither product can detect it. So although both products gave your system a one shot clean bill of health it is likely meaningless as far as a potential silver sparrow infection. Even if they did have the silver sparrow signature a one shot scan does not mean you system is still clean even minutes after such a scan.

Just saying.

NOTE: Threat lists can be deceptive because not everyone uses the same name for a given threat although silver sparrow is getting enough press that is less likely.


joemikeb • moderator
Re: Silver Sparrow Virus
joemikeb #58048 02/23/21 12:07 AM
OP Online

Joined: Oct 2020
Originally Posted by joemikeb
As a MalwareBytes Premium user (which automatically updates and scans every hour or so) your post raised my curiosity and searched MalwareBytes threats and ClamXV for silver sparrow and neither currently identifies silver sparrow in its Mac threat list. Therefore it is not unreasonable to conclude they likely have no signature for silver sparrow yet, and without the silver sparrow signature neither product can detect it. So although both products gave your system a one shot clean bill of health it is likely meaningless as far as a potential silver sparrow infection. Even if they did have the silver sparrow signature a one shot scan does not mean you system is still clean even minutes after such a scan.

Just saying.

NOTE: Threat lists can be deceptive because not everyone uses the same name for a given threat although silver sparrow is getting enough press that is less likely.

Thanks for the information. And yes, just because neither of those programs found anything at the time such scans were done, who's to say if it is not present after those scans?

Re: Silver Sparrow Virus
MartyByrde #58051 02/23/21 12:04 PM
Joined: Aug 2009
Likes: 3
Online

Joined: Aug 2009
Likes: 3


Jon

macOS 11.2.1, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Silver Sparrow Virus
joemikeb #58072 02/25/21 11:39 AM
Joined: Sep 2009
Offline

Joined: Sep 2009
With regard to the MalwareBytes threats, that appears to be a Windows only listing. I should also point out that Silver Sparrow is not technically a threat and there is no evidence it ever was.

The macOS Silver Sparrow write up is here https://blog.malwarebytes.com/detections/osx-silversparrow/.

And I can attest that MalwareBytes for Mac has been detecting the critical elements of this infection since at least last Friday.

The proprietary ClamXAV database (as differentiated from the ClamAV database) is not generally searchable, so not sure where you looked, but components of Silver Sparrow are currently detected by ClamXAV as either Trojan.OSX.Generic or Trojan.OSX.SilverSparrow.


-Al-

--
Al Varnell
Mountain View, CA
Re: Silver Sparrow Virus
alvarnell #58076 02/25/21 09:26 PM
OP Online

Joined: Oct 2020
Originally Posted by alvarnell
With regard to the MalwareBytes threats, that appears to be a Windows only listing. I should also point out that Silver Sparrow is not technically a threat and there is no evidence it ever was.

The macOS Silver Sparrow write up is here https://blog.malwarebytes.com/detections/osx-silversparrow/.

And I can attest that MalwareBytes for Mac has been detecting the critical elements of this infection since at least last Friday.

The proprietary ClamXAV database (as differentiated from the ClamAV database) is not generally searchable, so not sure where you looked, but components of Silver Sparrow are currently detected by ClamXAV as either Trojan.OSX.Generic or Trojan.OSX.SilverSparrow.

Thanks for that information. As I mentioned above, neither the latest version of Malwarebytes (released the other day) nor ClamXAV found anything on my late 2018 Mac Mini.

Also, what is the difference between the "ClamXAV database" and the "ClamAV database"? I assume the program ClamXAV uses the ClamXAV database.

Last edited by MartyByrde; 02/25/21 11:52 PM.
Re: Silver Sparrow Virus
MartyByrde #58084 02/26/21 04:21 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
I emailed ClamXAV and they give their reason for not detecting silver sparrow below.



I have a feeling that the poster of the comment has got us partially confused with ClamAV, as we do not make our threat list or malware database public. Additionally, we have had silver sparrow on our database since before it was reported by the press. If they haven't had their copy of ClamXAV detect silver sparrow, it's because they aren't infected by it. Here is a screenshot of Silver Sparrow detected by ClamXAV.

jaybass

Last edited by jaybass; 02/26/21 05:16 PM. Reason: screenshot missing

OS 10.12.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. Sierra. 10.12.6 SuperDuper. 1 TB Lacie HD, Noise Ninja.
Re: Silver Sparrow Virus
jaybass #58099 02/26/21 08:36 PM
OP Online

Joined: Oct 2020
Wonder what the difference is between CalmXAV (which I have) and ClamAV?

Re: Silver Sparrow Virus
MartyByrde #58100 02/26/21 09:43 PM
Joined: Aug 2009
Likes: 2
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 2
ClamAV is an open source antivirus tool developed for Unix, ClamXAV is adapted for MacOS X. I don't know if this is still true but IIRC they originally used the same signature file.


joemikeb • moderator

Moderated by  alternaut, dianne, dkmarsh 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.3.24 Page Time: 0.040s Queries: 33 (0.032s) Memory: 0.7442 MB (Peak: 0.8297 MB) Data Comp: Zlib Server Time: 2021-02-28 00:19:56 UTC
Valid HTML 5 and Valid CSS