Filed under: Software, Security
New Mac OS X malware - OSX_LAMZEV.A
Computer security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of infected Macs. This is the second report of Mac OS X malware this week.This is not a virus, and users must actually launch the app for it to install its payload. Once running, the app also asks which firewall port it can use. Trend Micro reports that "Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems."
Many Mac OS X-based malware seems to be similar in nature, requiring users to actually launch the installer and give it permission to install the payload. Unlike Windows-based malware, you shouldn't need to install any anti-malware apps to annoy you and slow down your Mac. Just make sure to follow the basic rules of Internet safety -- don't install applications that aren't legitimate or visit Web sites that you don't trust.
For more details, be sure to visit the Trend Micro Virus Encyclopedia.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
waiownsyou said 2:38PM on 11-21-2008
The people who spend their time making these viruses have no lives.
Speaking of which, anyone else have this conspiracy theory that anti-virus makers are the actual people who make the viruses? Just food for thought.
Reply
Jools said 2:42PM on 11-21-2008
@waiownsyou:
Read the first 5 words of the second paragraph of the article...
waiownsyou said 2:49PM on 11-21-2008
Tomato, Tuh-mato. The term "virus" is blurred enough to encompass any malicious code including adware, trojans, keyloggers, and actual viruses. Welcome to the diluted digital world of Windows (on Macintosh).
Jools said 4:34PM on 11-21-2008
No, the word "virus" means "virus" and nothing else, except to people who don't know the difference.
"Malware" is the generic term "to encompass any malicious code including adware, trojans, keyloggers, and actual viruses".
http://en.wikipedia.org/wiki/Malware
Rollins said 12:35PM on 11-22-2008
Jools, the pedantry is obnoxious.
Ebel3003 said 2:45PM on 11-21-2008
I'll begin worrying as soon as you don't need to be completely computer illiterate to become infected.
Reply
Luke Anderson said 3:08PM on 11-21-2008
Hmmm.... I'm getting a Mac and now hearing about this :S
Oh well - still gonna get one!
Reply
Matt Kern said 3:50PM on 11-21-2008
I don't think you read the article correctly. YOU HAVE TO MANUALLY INSTALL THIS MALWARE. This means that you shouldn't be concerned about it. That is unless you are beyond stupid, then you should be concerned.
Quine said 3:30PM on 11-21-2008
Wow. So you basically have to give just about anything access to your comp to allow this, then provide a valid port. All it does is put a file or two in app bundles too, which can just be removed with a shell script.
Epic Fail.
Reply
Matt Kern said 3:50PM on 11-21-2008
So, if this works with firewire ports new Macbook owners need not worry, eh?
I finally understand why Apple would literally spend millions in R&D to later abandon a technology that they not only created, but is loved by users. It all makes sense.
Reply
TheBasslineFiend said 4:07PM on 11-21-2008
I think you should re-read the article... specifically the 2nd paragraph. Firewire isn't even mentioned in passing here.
Matt Kern said 4:17PM on 11-21-2008
Haha... I misread firewall for firewire. I thought I was being funny, and now I just look like a jackass that can't read.
Steve said 4:25PM on 11-21-2008
Many of my files are private and require no root access to distribute should an application decide it wants to upload all my data to some obscure location. Don't be fooled that just because it requires no authenticated access that it cannot cause damage.
Reply
Samuel. P Winter said 7:11PM on 11-21-2008
In my opinion, an application that actually requires you to install it, asks which firewall port it can use, and doesn't attempt to hide its presence in the filesystem is not really malware..
The Windows malware situation is really bad because of the fact that many of the malicious spyware/virus applications exploit security holes in internet explorer (usually in the activeX layer), browser plugins, and other common apps/services so they can install themselves on to the system without user intervention ( "drive-by installation") other than perhaps visiting a rogue website.
Reply
James Madley said 7:25AM on 11-22-2008
Exactly. This is more like voluntary euthanasia.
ian said 3:27PM on 11-22-2008
In which case, none of the top ten security threats to Windows machines are malware, either.
Mac users have a very skewed view of the Windows security threat scene. What they don't often realise is that very, very few pieces of Windows malware rely on security holes in Windows. Instead, they target the biggest security hole on any platform - the one between the user's ears.
Why? Simple - that hole can't be patched by Microsoft or anyone else.
My worry is that lots of newer and/or less wise Mac owners "believe the hype" that the Mac is immune to *all* forms of malware, and so take risks which they wouldn't on a less secure platform. If you really believe that there's no way you can make Mac malware, why would you bother about running that executable file "your friend" has just sent you...
Kendal said 7:43AM on 11-22-2008
Windows Malware/Viruses: Ninjas in the night come in through your many open windows, and steal everything without you knowing. They also kill your cat.
Mac Malware/Viruses: A man knocks on your door asking for a copy of your house keys, asking when you won't be home today, and if you wouldn't mind him being over. He assures you he is a good person.
Reply
Martin said 7:59AM on 11-22-2008
It's still a little disconcerting to find this on my system and have it come up and ask me if for the confirmation about running it... I just searched lamzev in spotlight and it came back with file in my cache from last night that implied it was downloaded via an engadget link when I visited their site last night... (I'm not saying I got it from there, because I could never prove it - but the url was theirs in the popup that came up)
Reply
Jesse said 11:00AM on 11-23-2008
Get use to it. Expect to see more maliciously crafted code targeting OS X and Mac users as time goes on and market share goes up.
Reply
srey0123 said 12:30AM on 11-22-2008
Market share is the strawman argument of the haters. This argument is irrelevant. Go home, troll.