Possible Mac OS X Trojan Horse (mostly harmless)
So I saw the news this morning about a possible first trojan horse for Mac OS X and decided I didn't really want to deal with the inevitable ensuing hysteria, flames, and crazy comments that would be sure to follow such a post. It was 8:00am and just way too early to deal. I mean, if I want to read stupid comments about Macs all day long, I'll just spend my time over at Digg. Heh heh... I thought to myself, I'll let some other TUAW staff member post this news story. Then they can deal with the puerility.
But now it's almost noon and something like 42 people have sent in a tip and no one's stepped up to the plate, so I figure I probably should write up something.
Here's a quick summary: Someone uploaded a trojan horse to the MacRumors.com forums which claims to be a .tgz archive of screenshots of Apple's upcoming Mac OS X 10.5 Leopard. Problem is that it seems to be a proof-of-concept trojan and isn't very successful at doing what it's supposed to do, which is propagate itself out via your IM buddy list. Andrew Welch, who founded Ambrosia Software (thanks for Apeiron, BTW!), has been doing a bang-up job of dissecting the trojan and has determined that it's mostly harmless. You can read the specifics in the Ambrosia forums. Sophos has already posted a definition for this trojan here.
The bottom line is that this really seems to be a proof-of-concept trojan more than an actual "in the wild, self-propagating" virus. So yeah, it's certainly very interesting, but I'm not about to start watching for the sky to fall. Leave that to cartoon birds, storybook characters, and PC magazine columnists.
My thoughts are that if you have to type in your administrative password to install it then it is not a trojan or virus. How far could this one possibly get? Sure, a couple idiot users will open it (despite it being a compressed file claiming to be a bunch of pictures).
How about I just code up an AppleScript that deletes your iPhoto Library instead and stick it in a file titled MomPhotocast.tgz? After I figure out the self-propagating stuff, it could be a "virus" too.
Did anyone notice the odd location of the stairs in that pic? Well done troy .. welllllll donneeeeee :-)
-b
Wouldn't this bring up the warning about being the first time opening the application when you double click the file?
February 17 2006 at 12:20 AM
I'm happy with my Intel iMac. Stupid trojan makers couldn't even make it Universal.
:D
One thing is missing here people... C.K's HORSE!
February 16 2006 at 3:27 PM
And to those who are forever pointing out the reckless behavior of those who "do not take Mac security seriously"... it should be pointed out that VIREX / Symantec or whatever other snake-oil nonsense would do precisely nothing to protect you from this sort of trojan.
C
I hate to beat a dead horse (ha), but there is no protection in the universe for users who download things and run them without knowing what they are. You can drive your car into a tree as many times as you like, but they're not gonna make you a car that can't drive into trees.
February 16 2006 at 3:07 PM
It's another reason why Apple themselves says nothing about OS X's "security advantage". No system is perfectly safe from attack.
I'm also not surprised it's being pooh-poohed by the Mac crowd.
I typed in my password blindly and opened the virus. It opened Terminal and slowed down my computer. I searched for everything "created today" and deleted it securely. No problems at all.
February 16 2006 at 2:40 PM
#5: Jamie, that's exactly what I did. Contrary to degrading Windows users from Admin to limited, nothing serious happened with my day-to-day account here. Hope it stays this way.
Sad: Since my login window's users list has now grown one more time, I have to scroll :-(