First OS X virus (No, just a trojan) ?

Discussion in 'Macintosh' started by SPeedY_B, Feb 16, 2006.

  1. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Looks like some malicious bastard has created something that people are labelling to be a virus for OS X. Before I post any links though, some things that are known about it...


    1. It disguises itself as a jpg, in fact it's a binary.
    2. It abuses Spotlight to find any .app files and propagates itself in them.
    3. It tries to copy itself across the LOCAL network to other Macs (via shared drives).
    4. There have been reports of it trying to send itself out via iChat (To Win32 AIM users ironically enough).
    5. There have been NO reports of it spreading outside of a local network.
    6. There have been NO sightings of it outside of the MacRumors.com forums.

    To combat it, make sure when you open a file, you know what it is... keeping file extensions shown is a good way of doing this :)

    For more information:
    1. http://forums.macrumors.com/showthread.php?t=180323
    2. http://www.ambrosiasw.com/forums/index.php?showtopic=102379

    p.s. ANY sarcastic, flame, or generally out of order posts will be deleted instantly and you will be punished, this thread is solely for the discussion and updates of information relating to this "virus".
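
A defender-side check for the disguise described in this post (a file that claims to be a jpg but is really a binary), as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration; the magic numbers are the standard Mach-O and image file signatures.

```python
import os
import tempfile

# Leading bytes of Mach-O executables: thin 32/64-bit in both byte orders,
# plus fat/universal. 0xCAFEBABE is also used by Java class files.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit big-endian (e.g. PPC)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit little-endian",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit big-endian",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit little-endian",
    b"\xca\xfe\xba\xbe": "Mach-O fat/universal (or Java class)",
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
IMAGE_MAGICS = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

def sniff(header: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if header[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[header[:4]]
    if header.startswith(IMAGE_MAGICS):
        return "image"
    return "unknown"

def find_disguised(root: str):
    """Return (name, detected type) for files named like images whose content is not one."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    kind = sniff(fh.read(8))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if kind != "image":
                findings.append((name, kind))
    return findings

def demo():
    """Scan a temp directory of constructed samples: one real JPEG header, one disguised binary."""
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
               "preview.jpg": b"\xfe\xed\xfa\xce" + b"\0" * 16,
               "notes.txt": b"\xfe\xed\xfa\xce" + b"\0" * 16}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_disguised(d)

if __name__ == "__main__":
    print(demo())
```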
     
  2. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    Re: First OS X virus ?

    If Mac OS has a Linux emulation layer much as FreeBSD does I'd guess it'd be vulnerable to Linux-based viruses too, but it's certainly interesting that developers are targeting Mac OS natively.
     
  3. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Re: First OS X virus ?

    No emulation layer is present in OS X.

    This has now been deemed to be a trojan (of which there are plenty, this one just does a little more damage) meaning OS X remains virus free.

    Something else worth noting is that the binary is PPC only, meaning the Intel folk remain safe :D
     
  4. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    1. Sneaks on to your system
    2. Modifies files against your wishes
    3. Manmade
    4. Spreads
    5. Except 4?
    6. Irrelevant

    Is this purely being called a trojan just so the mac can still be virus free?
     
  5. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    It's a trojan as it still needs user activation (and even password provision if not using an admin account) to "install" it.

    It doesn't exploit any security loophole within the operating system, and it can't attack a system by itself.

    The day will come when OS X has viruses, it's just not today :)
     
  6. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    "I never think about viruses. But all you have to do is chuck your hard drive if infected, correct? And I'd think the MR administrators could easily find out where this came from and sic the LAW on them, right?"

    I hope it's soon, some people need a reality check.
     
  7. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Personally, I still perform back-ups (I'd like to say regular... but they're not as regular as they should be), regardless of the lacking viruses for the platform.
    It's stupid not to, just because the next bagle, nyxem or WMF file isn't going to nuke your photos of last year's trip to Sweden, doesn't mean a hard disk failure won't.

    With that said though, even with the viruses there are on Windows, some users are still in a similar mind-set to that you posted above. Carrying on through life whilst their trusty P3 700MHz is infected up the eyeballs with spyware, adware, malware, and 18 viruses, stealing their card and PayPal information with every order they place on Amazon and eBay.

    Hooray for the internet.
     
  8. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    nifty
     
  9. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    If you look at what it does, it is rather interesting, and while it might not be as bad as people make it out to be, Apple should work on making their AppHooks more secure so that this "trojan" would fail to run because its app hooks are not set up properly.
     
  10. muzikool

    muzikool Act your wage. Political User

    The Mac has no viruses. The Internets have viruses. :p
     
  11. muzikool

    muzikool Act your wage. Political User

    A good summary from MacRumors:

     
  12. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
  13. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
  14. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    Check out one of my previous posts in this forum - quite possible :)
     
  15. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    I find the most interesting thing about having a Mac is you ALWAYS want to be updated (at least I do), unlike Windows where who cares, nothing's new. Just an interesting thing I thought of while reading your post. :)
     
  16. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    The Bluetooth worm apparently affects only up to 10.3.9, yet some sites are reporting it as a Tiger virus. Meh.
     
  17. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    Well with all the Apple (Mac) popularity lately A LOT of people want to see them take the kind of abuse MS does on a regular basis. They are only going to half read bad things and then spread it like a worm. :p Shame really.