|Type||Boot sector virus|
|Place of Origin||Montreal, Quebec, Canada|
|Infection Length||1908 bytes|
Macmag is an early Macintosh virus from 1988. It was the first time that a virus had caused a major outbreak by infecting a software product.
If Macmag is run from the original dropper, NEWAPP.STK, or if a clean disk is placed in an infected system, it will drop an INIT resource named DR. If the disk is booted, the virus will become resident in the memory and infect any disks inserted into the system.
The virus replicates until 1988.03.02. If the infected computer is booted on that date, it displays the message: "RICHARD BRANDOW, publisher of MacMag, and its entire staff would like to take this opportunity to convey their UNIVERSAL MESSAGE OF PEACE to all Macintosh users around the world." After that, it deletes itself.
Richard Brandow, the publisher of the Montreal-based MacMag, claimed to have created the virus, though the virus contains the name "Drew" in its code. Drew Davidson of Tucson, Arizona, USA is also said to have created the virus. It is uncertain whether Davidson collaborated with Brandow on the virus, or Davidson created the virus entirely himself and passed it on to Brandow.
The release date of the virus is also uncertain. The virus was first known to be wild when it was downloaded from the Hypercard programming forum on 1988.02.06, but Brandow claims that some computers at MacMag magazine were deliberately infected to "seed" the virus infection in December of 1987. In addition, Brandow claimed that he had been thinking of the message for two years prior to it becoming wild.
The virus was first discovered wild on a Compuserve forum for the Hypercard programming language in 1988.02.06 as a Hypercard stack file named NEWAPP.STK. It was on the forum for at least twenty-four hours before it was discovered. The forum warned users about a file that was found to have been infected with a virus. The moderator of the forum at first downplayed this warning, believing that since Hypercard stacks were not binary programs, they could pose no danger. He later went back on that after reading the warning and a user's story, even issuing an apology.
MacMag magazine publisher Richard Brandow was very willing to claim authorship of the virus. He gave a few different stories for the reason for creating the virus. Initially, he claimed he wanted to make a statement about software piracy and that it was an experiment to see how far it would spread. Another claim was that he wanted to send a message about peace, and sometimes he tried to make illogical connections between the virus and handgun ownership in the United States. At times he even claimed that MacMag (the magazine) had no intention of spreading the virus. Most researchers believe that the virus was created to create publicity for the magazine. They also say it backfired.
One outbreak of the virus began when the president of MacroMind Inc. (later merged with another company to form Macromedia), Marc Canter, received a copy of the Mr. Potato Head game infected with the virus while visiting Canada. He claimed he used the game disk only once, but still managed to get other disks he used infected. These disks included a training program that was sent to the Aldus corporation.
There, the virus infected disks of the program Aldus Freehand (now Macromedia Freehand) a popular vector graphics program. A large number of these disks were sold, causing a major outbreak of the virus. The disks had to be recalled.
Other clients of Marc Canter included Apple, Lotus, Microsoft and Ashton-Tate. The Apple and Lotus corporations could not be reached for comment at first, but later determined that none of their software was infected. The other company, Ashton-Tate declined to comment.
Macmag is named for the magazine from whose offices it originated. It has also been called Aldus, Brandow, Drew and Peace.
The payload trigger date of 1988 March 2nd is also the first anniversary of the release of the Macintosh II. Oddly enough, the virus contains a bug that will cause the Macintosh II (and only this version) to crash when it is booted.
Robert Slade. Computer Knowledge, Chapter 8 - MacMag virus.
Dave Platt, Dave Curry. The Risks Digest, "MacMag virus infects commercial software" and "More on the Brandow virus ANOTHER VERSION". 1988.03.15-16
The Text Files, SUBSCRIBER, SYSOP BLOCK POSSIBLE "VIRUS" IN APPLE HYPERCARD FORUM.
Ronald Grinke. University of Hamburg, Virus Test Center, MacMag Virus. 1991.12.17
Symantec Security Response, MacMag.
John Markoff. The New York Times, A 'Virus' Gives Business a Chill. 1988.03.17
Philip Elmer-DeWitt. Time Magazine, Invasion of the Data Snatchers, pp.62-67. 1988.09.26