If you have Norton Antivirus on the Mac and it starts reporting that a swapfile is infected with Hacktool.Underhand don't panic! Just update the virus definitions to the ones dated 2nd May or later. This is a false positive that has scared the bejesus out of lots of Mac owners this week.

The Symantec helpdesk (which appears to be based in India?) has been of little help with this. After I read on the Apple forums some users saying this was a false positive I thought I'd ask Symantec themselves. Someone called Raju on their helpdesk sent me a standard email that didn't address my false positive question, just told me how difficult it is to remove some viruses.

So it's a real virus then Raju?
Luckily it was the end of the working day and we didn't start taking any drastic action.

By the next morning someone on the Apple forums had posted an email response they got from Symantec confirming the false positive suggestion. But was this a genuine email or a virus writer putting up a smokescreen?

I emailed Raju back, asking him to confirm or deny it.

A day later he came back, starting his email...

"I understand from your message that you want to reconfirme about the message you received from the Symantec website."

Er, no, I want to know if you gave me the wrong advice actually mate. Anyway he went on to state that it is a falsie.

Symantec has now acknowledged this problem on their website.