Filed under: OS, Bluetooth, Security
Yet Another Pointless Worm(tm): Inqtana.A
It's like a leaky dam: It starts with one tiny little hole in the wall, then several more spring through. Before you know it, the whole dam has collapsed and the poor farm town down the road is nothing more than island rooftops and floating cows. What do you think happened to Atlantis, folks?
Following the discovery of one of Mac OS X's first "Trojan" worms (wink), Macworld was kind enough to point out another leak in our increasingly porous perimeter: a new proof-of-concept Java worm called Inqtana.A that "exploits a vulnerability in Bluetooth on some Macs that haven't been updated with Panther and Tiger security patches."
I'll leave the gory details for Macworld to explain, but suffice it to say that the malware loads onto your Mac, finds another machine via Bluetooth and attempts to transfer itself. The user receiving the file does need to accept the transfer -- but it still self-propagates, technically classifying it as a worm. The good news, though, is that it doesn't seem to do much more than that.
Frankly, despite the sudden appearance of these proof-of-concept "leaks," I'm still betting that some clever animated superhero will pop a finger into the holes and seal 'em up before the dam bursts and we're forced to start new lives as ruffian mer-people. But there are only so many fingers and toes to go around before a leak's left unattended -- what happens then? Aquacalypse?


Reader Comments (Page 1 of 1)
tdungan said 9:32AM on 2-18-2006
"a NEW proof-of-concept Java worm ... that exploits a vulnerability in Bluetooth on SOME Macs that haven't been updated with Panther and Tiger security patches."
I guess this could mean something towards being the person(s) who created the first Macintosh worm/virus. But in reality, it's more like pointing out security flaws in Win95 or Win98. Just one more FUD tactic to point at the Mac and help Symantec (et al.) sell software.
Guess Macs finally are getting the attention of "the real world". The era of security through obscurity is at an end. Now is the time when the secure DESIGN of OS X gets to prove its mettle.
Reply
Mephistophelian said 10:24AM on 2-18-2006
Looks like I'll have to not let my iMac out on the town tonight. There can be no chance that she can get within 30 feet of a dirty disease-ridden Mac she happens to meet at the bar.
Reply
Jethro said 10:34AM on 2-18-2006
This is what you Apple people asked for by beckoning the scurvy riven & bug infested Microsoft hordes to "switch" to Mac. A lot of them are old MS bug farmers look'n for new hatcheries to build hosts to infest.
LOL! - I "switched" three years ago. So, shove over & make room for your new guests - we got lots incubating to do.
BWAHAHAHAHAHAHAHAHA!!
Reply
Nicholas Smith said 11:01AM on 2-18-2006
Am I the only one nonplussed by these? This one is for machines that haven't been updated (a quick software update isn't hard!) and the previous one you had to either download or accept over iChat.
We're not in bandit country really.
Reply
Ben said 11:21AM on 2-18-2006
Not only did you have to download/accept the first one, you had to enter your admin username and password... which should raise an eyebrow considering it's supposed to be a JPG.
Reply
djones said 11:38AM on 2-18-2006
I don't mind MacWorld, or TUAW for that matter, spreading word about potential threats, no matter how harmless they are. As Google news headlines already show, the emphasis is on how prepared we (the Mac community) are in comparison to the Windows population.
What bothers me is how this particular worm is in the news the same week as Oompa. As the MacWorld article points out, this security flaw was found in May of 2005, and was patched in a Security patch from Apple in June of 2005.
The fact that it's making news now just lends credence to my theory that Sophos spends more time trying to create viruses, and writing press releases than they do making security software. It makes sense. They must be AWFULLY bored waiting for a big Mac threat.
Reply
John P. said 12:09PM on 2-18-2006
I often wonder myself if it's the anti-virus companies writing the viruses.
Reply
iomatic said 2:25PM on 2-18-2006
See! Yor macz are teh suxx0rz!!! now yu have a viruss just like windowz users... but still not as many HAHA
OK, now that we have that out of the way, what does this really mean? That the first "trojan horses" targeted the what— the only three machines that fall under this profile, and that they're in essence, non-effectual? And they're not even viruses? Or unattended Trojan horses?
Conclusion: YAWN.
Reply
Dean said 2:38PM on 2-18-2006
I really think that hyping up these so-called Virus trojan findings is a big mistake.
This is what happens when media (like the news) gets its hand on a story. You make it bigger than it is and you draw attention to it. And the guys who make these viruses want that attention. That's why they do it. They are sitting at home going "check this out I did this"
Don't give them the satisfaction.
cheers :)
Reply
OxyMoron said 4:14PM on 2-18-2006
So this thing uses security problems in 10.4.1 right? So it took these 1337 hackers the best part of a year to crack a minor exploitable hole?
You know, this actually makes me feel pretty good about the general level of security in OS X - Apple patches a problem, and 8 months later, someone writes a 'worm' to take advantage...which still requires rather a lot of user interaction.
Reply
Catt said 4:58PM on 2-18-2006
I would love to spend time ranting and raving about these viruses but quite frankly I don't have the time and patience to read all this stuff. I've got antivirus software on my Mac coz I get files from a lot of Windows users so I figure better safe than sorry. Guess you can say that I didn't quite grow out of the being cautious habit from my Windows days...
Reply
Jeremy said 5:48PM on 2-18-2006
Oh, look! More evidence that a program a user actively allows to install and run can do Bad Things! Look! It exploits bugs that were fixed back in the late '60s! Look! It self-propagates as long as the user actively allows it to! We're DOOMED!
Come on, folks. This isn't even worth the time it took to write the story. It's not a problem, and it's not even a proper worm. Stop buying into the "security through obscurity" FUD and actually learn something.
Reply
Alan Woodland said 2:29PM on 2-21-2006
Ok, I'm quite worried now - Sophos on my iBook just told me I'd got the B variant of this virus, and I have all the updates and have done for some time now. False positive perhaps? Or a more sinister variant? Also Sophos helpfully tells me that it can't remove it too!
Reply
Drew said 3:06PM on 2-21-2006
From everything I've read, most of you have not seen Inqtana.B yet. We use Sophos in our organization and we've found that the B variant of this bug is a bit more malicious than the A variant. To start with, no user intervention seems to be required to "catch" B. Additionally, Sophos only updated their def files in the last 48 hours to catch the B variant. Once the def files are updated, on-demand scanning will find the bug. But, and here's the gotcha, applications that are infected with B unexpectedly close with Sophos running on-demand scanning once you have the new def files. This seems like a minor payload on the surface. But, to get infected applications to run again, you have to disable Sophos. Additionally, manually removing the B variant also permanently hoses the application and requires a re-install.
This is not just a passing fancy, folks. Wake up and be vigilant. The days of the "untouchable" OS X environment are coming to a screeching halt.
Reply
Kurt said 4:00AM on 4-26-2006
I cannot believe some of the reactions I continue to read from x86, PC, Intel or 'whatever you want to be called' loyalists. My God, don't you people read? I mean, I have never read more biased POVs in my life. I may be a Mac owner, but I got the machine taking into account the pros and cons of both, and what I'm going to use the machine for. I have owned and used both platforms, and at this time, for the price, I find my PB G4 to be the best choice for my purposes.
In making this choice, I didn't suddenly feel compelled to thump my PC owning roommates over the head with my thoughts on the superiority of my choice over theirs. They seem to be sane, and thankfully have not joined the ranks of the PC users who, upon spotting my Mac, will no doubt, begin spouting undesired regurgitations of Intel propaganda. You spend so much time trying to justify yourselves by seeking out chinks in the armor of your self-declared opponents that either don't exist, or are so minuscule as to be barely mentionable save to remind owners of vulnerable Macs to UPDATE THEIR MACHINES OS MORE REGULARLY, that you must have WAY too much time on your hands. This being the case, at least take the time to get reliable information to use for ammunition in your rants. And let's face facts.
No matter your platform preference, there will always be something being developed by some random idiots (who may or may not be working for an Antivirus developer,) to screw things up. Instead of fighting each other, we should be cooperating more. We all have common goals and problems. We all should be proficient in both platforms, as that is what we all must use at this moment in time. Screw this "Us vs Them" crap. If you buy into that line of "Brand Loyalty" thinking, you might as well stop using your head, and hand Jobs and Gates your dough the minute they fart out a new product.
Maybe we all should just be called "Computer Users" or something.
Jeez Louise!
Reply