First OS X virus (No, just a trojan) ?

SPeedY_B

I may actually be insane.
#1
Looks like some malicious bastard has created something that people are labelling to be a virus for OS X. Before I post any links though, some things that are known about it...


1. It disguises itself as a jpg, in fact it's a binary.
2. It abuses Spotlight to find any .app files and propagates itself in them.
3. It tries to copy itself across the LOCAL network to other Macs (via shared drives).
4. There have been reports of it trying to send itself out via iChat (To Win32 AIM users ironically enough).
5. There have been NO reports of it spreading outside of a local network.
6. There have been NO sightings of it outside of the MacRumors.com forums.

To combat it, make sure when you open a file, you know what it is... keeping file extensions shown is a good way of doing this :)

For more information:
1. http://forums.macrumors.com/showthread.php?t=180323
2. http://www.ambrosiasw.com/forums/index.php?showtopic=102379

p.s. ANY sarcastic, flame, or generally out of order posts will be deleted instantly and you will be punished, this thread is solely for the discussion and updates of information relating to this "virus".
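
A check for the disguise described in point 1 above (an added example, not part of the original post): it compares a file's extension with its leading bytes and flags an image-named file whose content is a Mach-O executable, reporting the CPU type from the header. File names and sample bytes are constructed for illustration.

```python
import struct
from typing import Optional

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Mach-O magic numbers as they appear in the first four bytes on disk,
# mapped to the struct byte-order prefix for the rest of the header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": ">",  # 32-bit, big-endian (e.g. PowerPC)
    b"\xce\xfa\xed\xfe": "<",  # 32-bit, little-endian (e.g. Intel)
    b"\xfe\xed\xfa\xcf": ">",  # 64-bit, big-endian
    b"\xcf\xfa\xed\xfe": "<",  # 64-bit, little-endian
}
CPU_NAMES = {7: "x86", 18: "PowerPC"}  # CPU_TYPE_X86, CPU_TYPE_POWERPC
CPU_ARCH_ABI64 = 0x01000000  # flag bit set on 64-bit CPU types


def sniff(head: bytes) -> str:
    """Return the content type implied by the leading bytes of a file."""
    if head[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if head[:4] == b"\xca\xfe\xba\xbe":
        return "mach-o universal"  # note: Java class files share this magic
    endian = MACHO_MAGICS.get(head[:4])
    if endian and len(head) >= 8:
        (cputype,) = struct.unpack(endian + "i", head[4:8])
        cpu = CPU_NAMES.get(cputype & ~CPU_ARCH_ABI64, f"cpu {cputype}")
        return f"mach-o {cpu}"
    return "unknown"


def check(name: str, head: bytes) -> Optional[str]:
    """Return a warning if an image extension hides an executable."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    kind = sniff(head)
    if ext in IMAGE_EXTS and kind.startswith("mach-o"):
        return f"{name}: named as an image but content is {kind}"
    return None


# Constructed samples: file name plus the first bytes of its content.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("pics.jpg", b"\xfe\xed\xfa\xce" + struct.pack(">ii", 18, 0)),
    ("tool", b"\xce\xfa\xed\xfe" + struct.pack("<ii", 7, 3)),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(check(name, head) or f"{name}: ok")
```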
 
#2
Re: First OS X virus ?

If Mac OS has a Linux emulation layer much as FreeBSD does I'd guess it'd be vulnerable to Linux-based viruses too, but it's certainly interesting that developers are targeting Mac OS natively.
 

SPeedY_B

I may actually be insane.
#3
Re: First OS X virus ?

No emulation layer is present in OS X.

This has now been deemed to be a trojan (of which there are plenty, this one just does a little more damage) meaning OS X remains virus free.

Something else worth noting is that the binary is PPC only, meaning the Intel folk remain safe :D
 

Electronic Punk

willalwaysbewithyou
Staff member
Political User
#4
1. Sneaks on to your system
2. Modifies files against your wishes
3. Manmade
4. Spreads
5. Except 4?
6. Irrelevant

Is this purely being called a trojan just so the mac can still be virus free?
 

SPeedY_B

I may actually be insane.
#5
It's a trojan as it still needs user activation (and even password provision if not using an admin account) to "install" it.

It doesn't exploit any security loophole within the operating system, and it can't attack a system by itself.

The day will come when OS X has viruses, it's just not today :)
 

Electronic Punk

willalwaysbewithyou
Staff member
Political User
#6
"I never think about viruses. But all you have to do is chuck your hard drive if infected, correct? And I'd think the MR administrators could easily find out where this came from and sic the LAW on them, right?"

I hope it's soon, some people need a reality check.
 

SPeedY_B

I may actually be insane.
#7
Personally, I still perform back-ups (I'd like to say regular... but they're not as regular as they should be), regardless of the lacking viruses for the platform.
It's stupid not to, just because the next bagle, nyxem or WMF file isn't going to nuke your photos of last year's trip to Sweden, doesn't mean a hard disk failure won't.

With that said though, even with the viruses there are on Windows, some users are still in a similar mind-set to that you posted above. Carrying on through life whilst their trusty P3 700MHz is infected up the eyeballs with spyware, adware, malware, and 18 viruses, stealing their card and PayPal information with every order they place on Amazon and eBay.

Hooray for the internet.
 

X-Istence

*
Political User
#9
If you look at what it does, it is rather interesting, and while it might not be as bad as people make it out to be, Apple should work on making their AppHooks more secure so that this "trojan" would fail to run because its app hooks are not set up properly.
 

muzikool

Act your wage.
Political User
#11
A good summary from MacRumors:

The announcement of the release of a Mac OS X trojan/virus/worm yesterday has drawn a lot of attention, confusion and significant misinterpretation. While much of the attention was aimed at the "virus vs trojan" distinction, this energy was misguided.

On the one hand, some users were quick to dismiss it as a simple "trojan" that anyone could easily script in minutes. While the application was set up to trick the end-user into launching it, the resultant actions it took were far more sophisticated as it was designed to inject itself into other applications on the user's hard drive. Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)

On the other hand, several saw this as a much more ominous sign for the Mac platform. However, this application itself is of a rather limited threat by the nature of its propagation -- and no particular Mac OS X vulnerability exists which allows the unimpeded transmission of a virus. Unless you specifically downloaded and launched this file, there is no way your Mac could have been infected.

The significance of this event is simply the intention behind the release of such malware under Mac OS X.

For additional reading, Symantec provides a step-by-step guide on what happens when the application launches and what modifications it makes to the user's applications, while Andrew Welch of Ambrosia SW finished a detailed technical summary of the application.
 
#15
X-Istence said:
Ehm, you'd have to be really outdated, and dumb :p
I find the most interesting thing about having a Mac is you ALWAYS want to be updated (at least I do), unlike Windows where who cares, nothing's new. Just an interesting thing I thought of while reading your post. :)
 
#17
SPeedY_B said:
The bluetooth worm apparently affects only up to 10.3.9, yet some sites are reporting it as a Tiger virus. Meh.
Well with all the Apple (Mac) popularity lately A LOT of people want to see them take the kind of abuse MS does on a regular basis. They are only going to half read bad things and then spread it like a worm. :p Shame really.
 
