First OS X virus (No, just a trojan) ?

SPeedY_B

I may actually be insane.
Joined
31 Mar 2002
Messages
15,807
Looks like some malicious bastard has created something that people are labelling to be a virus for OS X. Before I post any links though, some things that are known about it...


1. It disguises itself as a jpg, in-fact it's a binary.
2. It abuses spotlight to find any .app files and propagates itself in them.
3. It tries to copy itself across the LOCAL network to other macs (via shared drives).
4. There have been reports of it trying to send itself out via iChat (To Win32 AIM users ironically enough).
5. There have been NO reports of it spreading outside of a local network.
6. There have been NO sightings of it outside of the MacRumors.com forums.

To combat it, make when you open a file, you know what it is... keeping file extensions shown is a good way of doing this :)

For more information:
1. http://forums.macrumors.com/showthread.php?t=180323
2. http://www.ambrosiasw.com/forums/index.php?showtopic=102379

p.s. ANY sarcastic, flame, or generally out of order posts will be deleted instantly and you will be punished, this thread is solely for the discussion and updates of information relating to this "virus".
 
Re: First OS X virus ?

If mac os has a linux emulation layer much as freebsd does I'd guess it'd be vulnerable to linux based viruses to, but it's certainly interesting that developers are targetting mac os natively.
 
Re: First OS X virus ?

No emulation layer is present in OS X.

This has now been deemed to be a trojan (of which there are plenty, this one just does a little more damage) meaning OS X remains virus free.

Something else worth noting is that the binary is PPC only, meaning the intel folk remain safe :D
 
1. Sneaks on to your system
2. Modifies files against your wishes
3. Manmade
4. Spreads
5. Except 4?
6. Irrelevent

Is this purely being called a trojan just so the mac can still be virus free?
 
It's a trojan as it still needs user activation (and even password provision if not using an admin account) to "install" it.

It doesn't exploit any security loophole within the operating system, and it can't attack a system by itself.

The day will come when OS X has viruses, it's just not today :)
 
"I never think about viruses. But all you have to do is chuck your hard drive if infected, correct? And I'd think the MR administrators could easily find out where this came from and sic the LAW on them, right?"

I hope its soon, some people need a reality check.
 
Personally, I still perform back-ups (I'd like to say regular... but they're not as regular as they should be), regardless of the lacking viruses for the platform.
It's stupid not to, just because the next bagle, nyxem or WMF file isn't going to nuke your photos of last years trip to Sweden, doesn't mean a hard disk failure won't.

With that said though, even with the viruses there are on Windows, some users are still in similar mind-set to that you posted above. Carrying on through life whilst their trusty P3 700Mhz is infected up the eyeballs with spyware, adware, malware, and 18 viruses, stealing their card and paypel information with every order they place on Amazon and eBay.

Hooray for the internet.
 
If you look at what it does, it is rather interesting, and while it might not be as bad as people make it out to be, Apple should work on making their AppHooks more secure so that this "trojan" would fail to run because it's app hooks are not set up properly.
 
The Mac has no viruses. The Internets have viruses. :p
 
A good summary from MacRumors:

The announcement of the release of a Mac OS X trojan/virus/worm yesterday has drawn a lot of attention, confusion and significant misinterpretation. While much of the attention was aimed at the "virus vs trojan" distinction, this energy was misguided.

On the one hand, some users were quick to dismiss it as a simple "trojan" that anyone could easily script in minutes. While the application was setup to trick the end-user into launching it, the resultant actions it took were far more sophisticated as it was designed to inject itself into other applications on the users' hard drive. Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)

On the other hand, several saw this as a much more ominous sign for the Mac platform. However, this application itself is of a rather limited threat by the nature of its propogation -- and no particular Mac OS X vulnerability exists which allows the unimpeded transmission of a virus. Unless you specifically downloaded and launched this file, there is no way your Mac could have been infected.

The significance of this event is simply the intention behind the release of such malware under Mac OS X.

For additional reading, Symantec provides a step-by-step guide on what happens when the application launches and what modifications it makes to the users applications, while Andrew Welch of Ambrosia SW finished a detailed technical summary of the application.
 
Check out one of my previous posts in this forum - quite possible :)
 
X-Istence said:
Ehm, you'd have to be really outdated, and dumb :p
I find the most interesting thing about having a Mac is you ALWAYS want to be updated (at least I do), unlike Windows where who cares, nothings new. Just an interesting thing I thought of while reading your post. :)
 
The bluetooth worm apparently affects only up to 10.3.9, yet some sites are reporting it as a Tiger virus. Meh.
 
SPeedY_B said:
The bluetooth worm apparently affects only up to 10.3.9, yet some sites are reporting it as a Tiger virus. Meh.
Well with all the Apple (Mac) popularity lately ALOT of people want to see them take the kind of abuse MS does on a regular basis. They are only going half read bad things and then spread it like a worm. :p Shame really.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,498
Members
5,626
Latest member
FayWilley
Back