
Possible Mac OS X Trojan Horse (mostly harmless)

So I saw the news this morning about a possible first trojan horse for Mac OS X and decided I didn't really want to deal with the inevitable ensuing hysteria, flames, and crazy comments that would be sure to follow such a post. It was 8:00am and just way too early to deal. I mean, if I want to read stupid comments about Macs all day long, I'll just spend my time over at Digg.

Heh heh... I thought to myself, I'll let some other TUAW staff member post this news story. Then they can deal with the puerility.

But now it's almost noon and something like 42 people have sent in a tip and no one's stepped up to the plate, so I figure I probably should write up something.

Here's a quick summary: Someone uploaded a trojan horse to the MacRumors.com forums which claims to be a .tgz archive of screenshots of Apple's upcoming Mac OS X 10.5 Leopard. Problem is that it seems to be a proof-of-concept trojan and isn't very successful at doing what it's supposed to do, which is propagate itself out via your IM buddy list. Andrew Welch, who founded Ambrosia Software (thanks for Apeiron, BTW!), has been doing a bang-up job of dissecting the trojan and has determined that it's mostly harmless. You can read the specifics in the Ambrosia forums. Sophos has already posted a definition for this trojan here.

The bottom line is that this really seems to be a proof-of-concept trojan more than an actual "in the wild, self-propagating" virus. So yeah, it's certainly very interesting, but I'm not about to start watching for the sky to fall. Leave that to cartoon birds, storybook characters, and PC magazine columnists.


17 Comments

Random

My thoughts are that if you have to type in your administrative password to install it then it is not a trojan or virus. How far could this one possibly get? Sure, a couple idiot users will open it (despite it being a compressed file claiming to be a bunch of pictures).

How about I just code up an AppleScript that deletes your iPhoto Library instead and stick it in a file titled MomPhotocast.tgz? After I figure out the self-propagating stuff, it could be a "virus" too.

February 18 2006 at 9:40 AM
benny

Did anyone notice the odd location of the stairs in that pic? Well done troy .. welllllll donneeeeee :-)

-b

February 17 2006 at 4:12 PM
rib

Wouldn't this bring up the warning about being the first time opening the application when you double click the file?

February 17 2006 at 12:20 AM
shrimp

I'm happy with my Intel iMac. Stupid trojan makers couldn't even make it Universal.

:D

February 16 2006 at 4:05 PM
the1bigboy

One thing is missing here people... C.K's HORSE!

February 16 2006 at 3:27 PM
Carniphage

And to those who are forever pointing out the reckless behavior of those who "do not take Mac security seriously"... it should be pointed out that VIREX / Symantec or whatever other snake-oil nonsense would do precisely nothing to protect you from this sort of trojan.

C

February 16 2006 at 3:08 PM
Jeremey

I hate to beat a dead horse (ha), but there is no protection in the universe for users who download things and run them without knowing what they are. You can drive your car into a tree as many times as you like, but they're not gonna make you a car that can't drive into trees.

February 16 2006 at 3:07 PM
steve

It's another reason why Apple themselves say nothing about OS X's "security advantage". No system is perfectly safe from attack.

I'm also not surprised it's being pooh-poohed by the Mac crowd.

February 16 2006 at 3:04 PM
elf

I typed in my password blindly and opened the virus. It opened Terminal and slowed down my computer. I searched for everything "created today" and deleted it securely. No problems at all.

February 16 2006 at 2:40 PM
Mario Aeby

#5: Jamie, that's exactly what I did. Contrary to degrading Windows users from Admin to limited, nothing serious happened with my day-to-day account here. Hope it stays this way.

Sad: Since my login window's user list has now grown one more time, I have to scroll :-(

February 16 2006 at 2:01 PM

© 2012 AOL Inc. All Rights Reserved.