Linked by Thom Holwerda on Thu 16th Feb 2006 15:45 UTC, submitted by kristof
Mac OS X Antivirus researchers have discovered what's claimed to be the first computer Trojan to infect Apple Mac OS X computers. The malware, dubbed Leap-A, spreads via the iChat instant messaging system as a file called latestpics.tgz that infected machines send to contacts on an infected user's buddy list. The malicious file, which poses as a set of pictures, is a compressed Unix shell program. The user is prompted for admin credentials to launch the malicious code, which is better described as a Trojan than a virus. Mac OS X users who do this will find their machines infected.
Deserved
by MattK on Thu 16th Feb 2006 15:58 UTC
MattK
Member since:
2005-11-14

I'm sorry, but if you're downloading anything and everything sent to you from IM or email, extracting, executing it, and entering administration credentials, then you deserve to be infected. Anyone stupid enough to do this shouldn't have the admin password anyhow.

Yeah, here is a virus for my cell phone:

Step 1: Fill a glass of water 3/4 of the way up.
Step 2: Remove cell phone from pocket.
Step 3: Fully submerge cell phone in glass of water.
Step 4: Enjoy new iTunes cell phone Upgrade!

The cell phone manufacturers should surely add flotation devices to all cell phones so they are not subject to this level of attack.

-MJK

Reply Score: 5

RE: Deserved
by dubdubdub on Thu 16th Feb 2006 16:02 UTC in reply to "Deserved"
dubdubdub Member since:
2006-01-01

What exactly does this malicious code do?

It's a good thing most mac users aren't your run of the mill click, drool, click users that will blindly click on the YES on any box.

Also, most mac users are aware that if it wants your password - it's something more than just documents.

Reply Score: 3

RE[2]: Deserved
by Thom_Holwerda on Thu 16th Feb 2006 16:05 UTC in reply to "RE: Deserved"
Thom_Holwerda Member since:
2005-06-29

Also, most mac users are aware that if it wants your password - it's something more than just documents.

Yes, but if Apple's share rises (which most analysts expect) then viruses or trojans like this will suddenly be more dangerous. This trojan means little, but the theory is there.

Edited 2006-02-16 16:05

Reply Score: 5

v RE[3]: Deserved
by dubdubdub on Thu 16th Feb 2006 16:10 UTC in reply to "RE[2]: Deserved"
RE[4]: Deserved
by TomB7 on Thu 16th Feb 2006 18:23 UTC in reply to "RE[3]: Deserved"
TomB7 Member since:
2006-01-03

"I am happy that macs only take up a small market share, and I don't think that should change. They are NOT for everyone. They are for creatives and artists."

That's an elitist attitude. EVERYBODY deserves a Mac; nobody should have to suffer Windows.

As for the "cool factor": if you've got it; flaunt it, but fundamentally, it's just about getting your work done, cool or not. This is most efficiently done on a Mac.

Reply Score: 5

RE[4]: Deserved
by sp29 on Thu 16th Feb 2006 16:25 UTC in reply to "RE[2]: Deserved"
sp29 Member since:
2006-01-04

That's not true, just because Apple share rises...it is rising doesn't mean it will be infected more. OS X is much more secure than Microsoft OS and Products.

Windows has 55 thousand add-ons(viruses) that are automatic and requires no Admin Pass like OS X to run on PC's.

Do your math and see who is more secure.

Reply Score: 2

RE[5]: Deserved
by E747 on Thu 16th Feb 2006 16:41 UTC in reply to "RE[4]: Deserved"
E747 Member since:
2006-02-07

I did my math and the answer is 42, so there.

Reply Score: 5

RE[5]: Deserved
by rockwell on Thu 16th Feb 2006 16:48 UTC in reply to "RE[4]: Deserved"
rockwell Member since:
2005-09-13

//Windows has 55 thousand add-ons(viruses) that are automatic and requires no Admin Pass like OS X to run on PC's.//

And yet, I've been using XP Pro for five years, and my box has never been infected by one of the 55,000.

Really, folks ... it's not that hard to keep your XP box free from all the "crap."

Reply Score: 3

RE[6]: Deserved
by sp29 on Thu 16th Feb 2006 17:07 UTC in reply to "RE[5]: Deserved"
sp29 Member since:
2006-01-04

"And yet, I've been using XP Pro for five years, and my box has never been infected by one of the 55,000."

I don't believe ya! It's the very nature of Microsoft Windows to get infected. I have 2 pcs actually 3 (one dell sitting with a bad fan) and they all have been affected by viruses, etc.

Reply Score: 1

RE[7]: Deserved
by DrillSgt on Thu 16th Feb 2006 17:16 UTC in reply to "RE[6]: Deserved"
DrillSgt Member since:
2005-12-02

"I don't believe ya! It's the very nature of Microsoft Windows to get infected. I have 2 pcs actually 3 (one dell sitting with a bad fan) and they all have been affected by viruses, etc."

No, it is the nature of the user. If your machine with Windows is treated properly, you will avoid infection. I had one virus ever on Windows, and that was with Windows 98. That only happened as I got careless. It is user education alone that will stop Malware from any platform. Though it is not mac OS X, let's not forget the first officially labeled computer virus was for the Apple...NOT a PC. Just my 2 cents.

Reply Score: 4

RE[8]: Deserved
by rockwell on Thu 16th Feb 2006 17:52 UTC in reply to "RE[6]: Deserved"
rockwell Member since:
2005-09-13

//I don't believe ya! It's the very nature of Microsoft Windows to get infected.//

Sorry, it's the very nature of ignorant users to get infected. Is that partly Microsoft's fault? Yes. But it's also the user's bad practices.

I reiterate: No viruses on my box for five years. Period.

Reply Score: 2

RE[7]: Deserved
by BluenoseJake on Thu 16th Feb 2006 21:38 UTC in reply to "RE[6]: Deserved"
BluenoseJake Member since:
2005-08-11

I have only ever had one virus, and it was caused by a boot sector virus in 1992

Reply Score: 1

v RE[6]: Deserved
by aquila_deus on Thu 16th Feb 2006 18:37 UTC in reply to "RE[5]: Deserved"
RE[7]: Deserved
by Soulbender on Fri 17th Feb 2006 03:31 UTC in reply to "RE[6]: Deserved"
Soulbender Member since:
2005-08-18

You are confusing lack of understanding with stupidity.

Reply Score: 1

RE[5]: Deserved
by BluenoseJake on Thu 16th Feb 2006 21:31 UTC in reply to "RE[4]: Deserved"
BluenoseJake Member since:
2005-08-11

Actually, if you run as a normal user in Windows 2000/XP, your vulnerability drops dramatically, it's not that the OS is that much more insecure, it's also the way they are operated, security starts with the user

Reply Score: 2

RE[5]: Deserved
by postmodern on Thu 16th Feb 2006 21:54 UTC in reply to "RE[4]: Deserved"
postmodern Member since:
2006-01-27

The rise in install base or "shares" will draw more attention to Apple's security, more eyes looking for ways in. This WILL result in an increase of malware/stupid trojans/viruses/exploits. Exactly how much we can't say for sure. The real question is how will Apple respond to their growth, will they seek to educate their users and tighten the userland down even more? I sure hope so.

The current approach of users ignoring any security concerns or warnings will definitely not help.

Reply Score: 1

RE[5]: Deserved
by WorknMan on Thu 16th Feb 2006 22:34 UTC in reply to "RE[4]: Deserved"
WorknMan Member since:
2005-11-13

"That's not true, just because Apple share rises...it is rising doesn't mean it will be infected more. OS X is much more secure than Microsoft OS and Products."

Well, if Macs get more users, most of those are probably ex-Windows users who will happily click on anything that promises them nude pics of Katie Holmes. So of COURSE it will be infected more.

Reply Score: 1

RE[6]: Deserved
by protagonist on Thu 16th Feb 2006 22:51 UTC in reply to "RE[5]: Deserved"
protagonist Member since:
2005-07-06

"who will happily click on anything that promises them nude pics of Katie Holmes"

Who is Katie Holmes?

Reply Score: 1

RE[7]: Deserved
by ma_d on Fri 17th Feb 2006 02:51 UTC in reply to "RE[6]: Deserved"
ma_d Member since:
2005-06-29

A US Hollywood actress, very famous for dating Tom Cruise, co-starring in Batman Begins, and some crappy Warner Brothers Network show.

Reply Score: 1

v RE[3]: Deserved
by hraq on Thu 16th Feb 2006 19:34 UTC in reply to "RE[2]: Deserved"
RE[3]: Deserved
by postmodern on Thu 16th Feb 2006 21:44 UTC in reply to "RE[2]: Deserved"
postmodern Member since:
2006-01-27

You are completely correct.

This is a semi-harmless trojan, but still clever given the popularity of WiFi networks and how quick users move between them.

Just because you paid for a shiny Apple logo doesn't make you an instant security expert or impervious to clever virus writers. Expect more clever ideas from malware authors, there's nothing stopping them from preying on naive users. The more you stick your head in the sand, the better the target you'll be.

Reply Score: 1

RE[2]: Deserved
by Chreo on Thu 16th Feb 2006 23:45 UTC in reply to "RE: Deserved"
Chreo Member since:
2005-07-06

It's a good thing most mac users aren't your run of the mill click, drool, click users that will blindly click on the YES on any box.

Most Mac users ARE clickety clickers. You and I know better but most don't, unfortunately.

Also, most mac users are aware that if it wants your password - it's something more than just documents.

Yes and no. It would be easy to mask as "updates". Again, most users are not that knowledgeable.

Trojans and viruses will continue to spread BECAUSE we are curious and trustworthy.

Reply Score: 1

RE[2]: Deserved
by hornett on Thu 16th Feb 2006 23:51 UTC in reply to "RE: Deserved"
hornett Member since:
2005-09-19

I only know a handful of people with modern Macs, so my experience is limited, however I've seen nothing to suggest that they would not blindly click through warning dialogue boxes and even enter their passwords.

Most non-technical people have a click-click-whatever attitude, regardless of what OS they use because they just want to see what their mates have sent them, or browse the web.

The only sensible security precaution the OS can take to protect against this type of malware would be to not allow files to be created with the executable flag in place.

Reading the linked information about this particular nasty, it appears it will run without admin rights anyway, from the user's home directory.

Reply Score: 1
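
The two signals discussed above (a "pictures" archive whose contents are a program, and the executable flag), checked on the receiving side before anything is unpacked. This is an added example, not part of the original thread: Python code that lists a .tgz's members in memory and flags entries that carry an execute bit or whose leading bytes are not picture data. The archive, member names and byte contents are constructed for illustration.

```python
import io
import tarfile

# Leading bytes of the picture formats a "pictures" archive should contain.
IMAGE_MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# Mach-O (32/64-bit, both byte orders) and universal-binary magic numbers.
MACHO_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
               b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
EXEC_BITS = 0o111  # execute permission for user, group or other


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes."""
    for kind, magic in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    if head.startswith(b"#!"):
        return "script"
    if head[:4] in MACHO_MAGIC:
        return "mach-o"
    if head.startswith(b"\x7fELF"):
        return "elf"
    return "unknown"


def audit_archive(data: bytes) -> list:
    """Return (member name, reason) findings for a gzip'd tar, without extracting to disk."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if member.issym() or member.islnk():
                findings.append((member.name, "link member"))
                continue
            if not member.isfile():
                continue  # directories, devices: nothing to sniff
            kind = sniff(tar.extractfile(member).read(8))
            if member.mode & EXEC_BITS:
                findings.append((member.name, "executable bit set"))
            if kind in ("script", "mach-o", "elf"):
                findings.append((member.name, f"content is {kind}"))
            elif member.name.lower().endswith(IMAGE_EXTS) and kind not in IMAGE_MAGIC:
                findings.append((member.name, "image extension but not image content"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; the bodies are placeholder bytes, not real programs."""
    members = [
        ("holiday/beach.jpg", 0o644, b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("holiday/latestpics", 0o755, b"\xfe\xed\xfa\xce" + b"\x00" * 16),
        ("holiday/sunset.jpg", 0o644, b"#!/bin/sh\necho constructed\n"),
        ("holiday/notes.png", 0o644, b"hello"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in members:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"{name}: {reason}")
```

The permission bits are read from the tar header, so the check sees the execute flag the sender recorded even though nothing has been written to disk yet.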

RE: Deserved
by deathshadow on Thu 16th Feb 2006 16:16 UTC in reply to "Deserved"
deathshadow Member since:
2005-07-12

>> Anyone stupid enough to do this shouldn't have the admin password anyhow.

So basically you mean... the average Mac user? You do know they go hand in hand with AOLusers, right? (joke people... it's called a sense of humor, you should get one, they're nice!)

This does rank right up there with e-mail attachment viruses these days on the stupidity scale; the only reason these types of infections spread is the unparalleled ignorance of the average user. (and said users' unwillingness to LISTEN when you tell them not to do something stupid... like use Outlook on a windows box or always run as root under linux)

I wholeheartedly agree with the 'deserve to get infected' bit. Should be fun when REAL viruses show up on the Mac side of things, it'll be like Chris Titus' routine about normal people vs. those who were raised in dysfunctional families; Normal people haven't had enough {censored} go wrong in their lives to deal with a crisis...

Reply Score: 2

RE[2]: Deserved
by dubdubdub on Thu 16th Feb 2006 16:21 UTC in reply to "RE: Deserved"
dubdubdub Member since:
2006-01-01

" Normal people haven't had enough {censored} go wrong in their lives to deal with a crisis..."

Being a mac user I can admit that there is this almost sense of invincibility to using these machines. We mock and laugh at windows and how it's plagued with problems.

I haven't backed up anything in years. I just buy a new mac, use the "Transfer to a New Mac" utility, and carry on with my business. It's horrible to admit, but the truth.

Everyone gets theirs at some point. Looks like it's time to invest in an external HD.

Edited 2006-02-16 16:21

Reply Score: 3

RE[3]: Deserved
by cerbie on Thu 16th Feb 2006 19:32 UTC in reply to "RE[2]: Deserved"
cerbie Member since:
2006-01-02

You are invincible to software problems. So Windows users would be if they didn't act stupid so much (which, BTW, they do, which is ironic, because they're in dire need of a Mac w/o the SU password!). Backing up shouldn't be about viruses...it should be about moving parts that fail, like the parts in hard drives.

Get that external drive. One day, you will get the click of death...one day, it will call you out.

Tick, clunk; tick, clunk; tick, clunk... ;)

Reply Score: 2

RE: Deserved
by Kroc on Thu 16th Feb 2006 16:57 UTC in reply to "Deserved"
Kroc Member since:
2005-11-10

Totally Agreed. I recently bought a MacMini as a first computer for some friends of the Family. One has never used a computer before, the other had never heard about Macs.

They are both enjoying it immensely. The machine is fast, beautiful, spyware and junk free, but most of all - fun to use. Something that cannot be said of any PC.

I gave them instructions that they're free to customize as they can't really mess the computer up, it will always ask for the password if you're doing something that will actually change the machine. Thus they don't enter the password in fear of "messing it up", except cases where they've contacted me to ask about it.

If Virii become more common on OSX then Apple will upgrade the password box to give a more textual warning about Viruses, and also put in code to prevent modification of App bundles by scripts without a severe warning beforehand.

Social engineering is the biggest security flaw on any system, but even OSX has an upper hand here over Windows.

Reply Score: 3

RE[2]: Deserved
by cerbie on Thu 16th Feb 2006 19:55 UTC in reply to "RE: Deserved"
cerbie Member since:
2006-01-02

As does most anything based on *n*x (note that Ubuntu is doing its best to copy OS X's behavior in this, as well, with sudo rather than swapping over to the root user). MS is having to copy things into their OS that have been working for decades on others' OSes. Apple got that part for free.

If someone needed a PC who had never used one before, a Mac Mini (with the DVD burner) and cheap monitor would be the ideal way to go. Sure, it's more than a cheap Dell...but it will also be easier to support, because you just have to explain that those free things that don't run are things that turn a decent Windows box into sludge ;) . It will also be much quieter, and won't take up much room.

"Social engineering is the biggest security flaw on any system, but even OSX has an upper hand here over Windows."

I think most of it is more to do with good design decisions years before we saw OS X (a dumb OS X user will have less capability to screw up their computer, where Windows needs a smart user for that). If Apple came out with something of similar quality to OS 9, it would not get me even mildly interested. Windows would still be better, with Linux offering the real competition. They were smart, however, and instead, just stuck a nice GUI on a proven system (and had developers that had been working with it for years, too), and used the features already in that system to get the job done. All that *n*xes have lacked in recent years are nice GUIs and easy hardware use. Both are being worked on, but none have a really good package, yet, compared to OS X.

Apple took something that was rock solid at its core, but lacking in presentation, and did what they've been good at for ages: making it presentable. Imagine if MS had taken a similar route, and ditched the underlying OS, working mostly on VS and Office (including Exchange, by association), instead (with a 9x and NT4 encapsulated environment for legacy programs, of course ;) ).

Reply Score: 1

RE[2]: Deserved
by BluenoseJake on Thu 16th Feb 2006 21:37 UTC in reply to "RE: Deserved"
BluenoseJake Member since:
2005-08-11

I think that all three of my PCs are fun to use, I think you may have wanted to say "Something that I cannot say of any PC" Just because you don't enjoy them don't mean other people don't.

Reply Score: 1

Ha!
by paul.michael.bauer on Thu 16th Feb 2006 15:59 UTC
paul.michael.bauer
Member since:
2005-07-06

That's the best they can do?

Reply Score: 0

RE: Ha!
by Tyr. on Thu 16th Feb 2006 16:23 UTC in reply to "Ha!"
Tyr. Member since:
2005-07-06

This just shows how inferior the mac platform still is to Windows. I mean I have to click on this file and then enter my password ? On Windows this is all done automatically, much more convenient for the end user.

Reply Score: 5

RE[2]: Ha!
by protagonist on Thu 16th Feb 2006 17:08 UTC in reply to "RE: Ha!"
protagonist Member since:
2005-07-06

It is called Social Engineering and most Mac users are no more immune from it than are most Windows users. When the email appears to be from a friend or contact there are Mac users who will blithely enter their PW when asked to do so. Don't get me wrong, I Use a Mac these days myself because I feel it is a better platform than Windows, but it is not as immune to these things as most people want to believe. As one who has been around computers since the vacuum tube days I can tell you there "ain't no such thing as a totally secure OS"...

Reply Score: 1

RE[3]: Ha!
by raver31 on Thu 16th Feb 2006 18:14 UTC in reply to "RE[2]: Ha!"
raver31 Member since:
2005-07-06

It is called Social Engineering and most Mac users are no more immune from it than are most Windows users. When the email appears to be from a friend or contact there are Mac users who will blithely enter their PW when asked to do so

WHAT ???

come off it man, it does not matter who sends you an email, friend, brother, parent, if it asks for a password, you do not give it. simple as that.

anyone who does, should immediately parcel up the computer, and send it back to the place they bought it. clearly they are too stupid to own one.

Reply Score: 2

RE[4]: Ha!
by Celerate on Thu 16th Feb 2006 19:37 UTC in reply to "RE[3]: Ha!"
Celerate Member since:
2005-06-29

It's all about the password prompt. In some applications in Windows there will be a notification that a program is trying to run from inside that app, but it's usually a Yes or No dialog just like all the other ones that show up. Users never read those because windows has taught them that if they don't allow certain content then web pages and other such content don't display correctly and people just assume the yes or no dialogs are for that content. Basically users are so used to seeing them that they immediately click yes without reading what they're allowing.

A password prompt won't let the user continue until they enter their password, and usually when entering a password a user is more cautious, especially when they don't see that kind of prompt 25 times a day. They could be taught by overuse of the password prompt (just like windows overuses the Yes or No warning dialogs) to simply enter their password and press return, but that would require the OS designers to abuse the password prompt.

Reply Score: 1

RE[4]: Ha!
by protagonist on Thu 16th Feb 2006 22:49 UTC in reply to "RE[3]: Ha!"
protagonist Member since:
2005-07-06

"come off it man, it does not matter who sends you an email, friend, brother, parent, if it asks for a password, you do not give it. simple as that.

anyone who does, should immediately parcel up the computer, and send it back to the place they bought it. clearly they are too stupid to own one."

You have just eliminated 90% of all computer users. And not all of them run Windows. Admittedly it is harder to compromise Mac, (Or even a Linux box). Obviously you are going to believe what you want, but I have been in computers long enough to know that Microsoft users do not have a lock on stupidity.

Reply Score: 1

RE[2]: Ha!
by .Joe on Thu 16th Feb 2006 17:35 UTC in reply to "RE: Ha!"
.Joe Member since:
2005-07-06

No, it is a safeguard that only allows those with an admin password to install software. This already prevents a lot of malware being installed and executed.
I'm just frustrated that it doesn't go further, so that the user must authenticate whenever any application launches. Doing this would make the running of malware impossible, unless of course the idiot in question authenticates. Perhaps even this could be prevented, by having a control/preference panel where the administrator could create a list of the applications authorised to run. I can't imagine how a system such as this could ever (from the perspective of operating system security) be breached with malware.

Reply Score: 1

RE[3]: Ha!
by equid0x on Thu 16th Feb 2006 18:07 UTC in reply to "RE[2]: Ha!"
equid0x Member since:
2006-02-16

I'm just frustrated that it doesn't go further, so that the user must authenticate whenever any application launches. Doing this would make the running of malware impossible, unless of course the idiot in question authenticates.

BINGO! Have you ever seen/heard of the little box that pops-up in IE on '98 that says "ActiveX Warning" ... "Clicking Yes indicates you accept the publisher's digital signature..." or on XP SP2 "An Active X control [name] from [whoever] might need to be installed to access this content... click here to continue". You are authenticating the publisher's software as something you would like to have installed on your machine.

Malware and Virii, for the most part, come down to a USAGE issue by the user - not what platform/OS the user is using!

Once security holes in OS/X are identified and exploited just as they have been in XP similar issues will occur.

Why should spyware company X invest its money on data-mining/advertising software that only operates on 2.5% of the world computer market? Dollars are far more well spent creating that software for a platform where it will gain marketshare.

Reply Score: 2

RE[4]: Ha!
by Tyr. on Thu 16th Feb 2006 18:36 UTC in reply to "RE[3]: Ha!"
Tyr. Member since:
2005-07-06

BINGO! Have you ever seen/heard of the little box that pops-up in IE on '98 that says "ActiveX Warning" ... "Clicking Yes indicates you accept the publisher's digital signature..." or on XP SP2 "An Active X control [name] from [whoever] might need to be installed to access this content... click here to continue". You are authenticating the publisher's software as something you would like to have installed on your machine.

Malware and Virii, for the most part, come down to a USAGE issue by the user - not what platform/OS the user is using!


While that's true the sheer number of useless dialogs in Windows condition the user to just click OK/Yes/Agree. It's like the user interface was designed by lawyers adamant to have the user explicitly accept responsibility for each and every action he takes.

Reply Score: 1

RE[4]: Ha!
by deathshadow on Thu 16th Feb 2006 20:08 UTC in reply to "RE[3]: Ha!"
deathshadow Member since:
2005-07-12

>> BINGO! Have you ever seen/heard of the little box that pops-up in IE on '98 that says "ActiveX Warning" ... "Clicking Yes indicates you accept the publisher's digital signature..." or on XP SP2 "An Active X control [name] from [whoever] might need to be installed to access this content... click here to continue".

Double Bingo! - and semi-on topic as to why these types of trojans can spread; and why I laugh when people say "for any application it should ask for a password"

If everything pops up asking for the admin password, or user verification yes/no... and the user goes through a couple dozen things a day they know are safe to say yes to when it asks... they get in the habit of answering yes. Habits are the easy way in which too much security can become no security at all.

BY DEFAULT IE6 leaves "Download signed activeX controls" to "prompt" and "download unsigned activeX" to "Disable". This basically means that for the 'bad' activex to reach your machine, you either have to deliver them through an installer outside of IE, or answer wrong to the "Download ActiveX control" question.

Meaning much like this apple 'trojan', activex infections are the fault of the user answering a question wrong... Why do they answer it wrong? Because most users assume they want the computer to do what they told it and go where they told it and hit yes.

People get 'trigger happy' answering yes to play some silly web based game or visit their favorite fetish porn, they get what's coming to them. Usually it takes them two or three screwups (and matching system wipes) to break them of that - although there are always a few Stef Murky's that just don't get it.

Reply Score: 2

RE[3]: Ha!
by kadymae on Thu 16th Feb 2006 19:42 UTC in reply to "RE[2]: Ha!"
kadymae Member since:
2005-08-02

I'm just frustrated that it doesn't go further, so that the user must authenticate whenever any application launches. Doing this would make the running of malware impossible, unless of course the idiot in question authenticates.

Recently to escape Malware, I bought my hysterically computer inept DH an iMac*. He loves it because it's so fast. (I love it because it's cut my "decrufting" time down to weekly running of Mac Janitor and a monthly permission repair.)

I set it up so that he has his "everyday" and "admin" accounts. He runs as "everyday" and authenticates as needed to install software updates.

There is nothing, other than my reminding him to never open an unasked for attached file, to prevent him from running this program.

(And yes, I called him and told him about this and reminded him that if anything ever asks for his admin password and he does not mean to install and run a program right then, that he should not type it in.)

---
* How inept?

Trying to explain file extensions to him is an exercise in futility. We transferred all the old files from his PC over to the iMac, and he's incredibly frustrated and doesn't understand why he can run "programs" ending in .doc or .xls but not .exe.

And there are tens of thousands like him. Every day I deal with students who don't understand why they can't do things like install Safari on Windows, or why this disk they were working on in the Mac lab won't open in the XP boxes.

Reply Score: 1

RE[3]: Ha!
by Dekkard on Fri 17th Feb 2006 01:58 UTC in reply to "RE: Ha!"
Dekkard Member since:
2006-01-07

it just shows how clueless you are. How long have you been using a computer? Under a year? normally I never flame comments here, but this has to be the most utterly ridiculous, half witted response to a story I've ever seen. Some mac programs need "permission" to run. Therefore this script, posing as an image file should tip off experienced users that it is in fact not what it claims to be. If it was on windows it would have probably turned your machine into a bubbling pile of MS goo since all you feel is necessary to operate a computer is to point and click. It is precisely that kind of thinking (along with a notoriously insecure OS) that has made the MS family of OS the target of so many infectious files.

Reply Score: 2

@ MattK
by gdanko on Thu 16th Feb 2006 15:59 UTC
gdanko
Member since:
2005-07-15

Couldn't have said it better.

Reply Score: 2

iChat sucks anyway....
by dubdubdub on Thu 16th Feb 2006 16:03 UTC
dubdubdub
Member since:
2006-01-01

Adium is far better ;) http://www.adiumx.com

Reply Score: 3

Another trojan:
by gleng on Thu 16th Feb 2006 16:10 UTC
gleng
Member since:
2006-02-16

Here's the source to another Mac OS X trojan:

#!/bin/sh
echo "Enter your password to receive free stuff!"
sudo rm -rf /*

Looks like the days of *nix being a safe platform are over.

Reply Score: 5

RE: Another trojan:
by geopapl on Thu 16th Feb 2006 16:19 UTC in reply to "Another trojan:"
geopapl Member since:
2005-11-27

OMG, I run this script on my OpenBSD server (I wanted to receive free stuff) and it deleted everything!

Even OpenBSD is vulnerable!

Reply Score: 5

RE[2]: Another trojan:
by Kroc on Thu 16th Feb 2006 16:52 UTC in reply to "RE: Another trojan:"
Kroc Member since:
2005-11-10

So is Ubuntu! OMG it's a cross platform, ultra destructive virus. ;)

Reply Score: 3

RE: Another trojan:
by netpython on Thu 16th Feb 2006 18:35 UTC in reply to "Another trojan:"
netpython Member since:
2005-07-06

Here's the source to another Mac OS X trojan:

#!/bin/sh
echo "Enter your password to receive free stuff!"
sudo rm -rf /*

Looks like the days of *nix being a safe platform are over.


Ehm, this would most likely work on Ubuntu.
For the rest, correct me if I'm wrong, the sudoers file has to be set up properly for this small example script to cause havoc.

Reply Score: 4

RE: Another trojan:
by postmodern on Thu 16th Feb 2006 21:48 UTC in reply to "Another trojan:"
postmodern Member since:
2006-01-27

This has nothing to do with safety of *nix, and everything to do with the security education of the (l)user.

Reply Score: 1

Actual infections?
by Tyr. on Thu 16th Feb 2006 16:20 UTC
Tyr.
Member since:
2005-07-06

Has there been a report of someone actually being infected with this ? Because I just see a report of this being "spotted" which also happens to be a good way to lure people to your site.

Reply Score: 3

A joke?
by werfu on Thu 16th Feb 2006 16:47 UTC
werfu
Member since:
2005-09-15

It's a joke right? This is not a trojan nor a virus, it's a dumbware! I wrote batch file that format your hard drive as young as 10. All you had to do is to run it... Anyway, viruses on Unix-like doesn't exist in the same form than in the Windows world. Viruses use security vulnerabilities, which, under Windows, are more than common. Under Unix, security flaws are considered as bugs and are usually patched on the next maintenance-release. As such, finding a 10 year old virus still doing damage is less possible under Unix-like than Windows.

Reply Score: 5

Started at MacRumors
by iTorrey on Thu 16th Feb 2006 16:59 UTC
iTorrey
Member since:
2006-02-13

This all started at MacRumors. Some guy posted a thread saying something like "Exclusive OS X 10.5 Leopard screenshots".

Funny, Windows users fall for Britney Spears pics, mac users fall for screenshots of user interfaces.

Anyways here is the news straight from MacRumors.. I think the story is incorrect in saying that Anti-Virus researchers discovered it.

http://www.macrumors.com/pages/2006/02/20060216005401.shtml

Reply Score: 4

yawntoo
Member since:
2006-01-04

Let me explain the most common manner in which a Windows machine gets infected with malware.

1) User gets an email/im/or downloads some data that masquerades as something that the user wants.

2) User follows instructions for installing the application/ viewing the data... sometimes this is simply a double click.

3) Malware is installed...

Since the current versions of Windows are most often used as Administrator, the malware installer can do lots of horrible things to the machine without any further user intervention.

Attacks on Windows machines that don't require some sort of user action are rare.

Now with this attack on Mac OS we have the same three steps as above.

The only level of security provided by Mac OS here is that the user isn't (we hope) running as root. This will only provide security till a privilege elevation exploit for Mac OS is included in the attack.

In general most attacks are con-jobs where the attacker convinces the user to run some application on their machine. No operating system can be fully secured against execution of untrusted code. There is a high probability that there will be some flaw that gives hostile code the ability to compromise a machine.

So the lesson here is that Mac users need to be just as aware of the dangers of downloading and executing applications as Windows users have become.

Reply Score: 5

cerbie Member since:
2006-01-02

There is difference, though: Malware can get on the Windows box without running as Administrator (maybe not as much as if running a Power User or Admin). My college has several PCs that are a testament to this, all only use guest accounts, and are now unusable due to various malware. Until it reaches the point of porn popups, they won't get cleaned and reloaded, though.

A solid system underneath, with security holes patched very quickly after being found, does matter. Windows + guest accounts with IE being the only browser...not safe by a mile.

A decent OS would allow such PCs to really be kept clean. Also, adding a prompt that requires some thought, and not having them all of the time, everywhere (Windows conditions users, even some of us who can keep our PCs clean ;) ), will make it less of a problem.

Completely getting rid of malware is impossible, due to social issues. Severely limiting its distribution, though, is very much possible.

Reply Score: 1

Soulbender Member since:
2005-08-18

"Since the current versions of Windows are most often used as Administrator, the malware installer can do lots of horrible things to the machine without any further user intervention. "

This is only true for locally destructive viruses and those are a rare breed these days. A virus running as an unprivileged user can wreak just as much havoc on the world as one running as administrator/root.

Reply Score: 1

This is an automated response unit
by alcibiades on Thu 16th Feb 2006 17:04 UTC
alcibiades
Member since:
2005-10-12

This is an automated response unit. You have published or linked to a story which could be construed as critical of Apple, this is why you are receiving this response.

Mac hardware is better built, it is no more expensive than Dell, we are blessed not to be using Windows, Macs are for creative people and artists, not for the general run, Apple is cool, the writer of the story is (check as applicable) self interested, wicked, uncool, ignorant, sick. Windows is horrible. Apple is secure and always will be. iLife alone is worth the money which is not being asked. This story is (check one) exaggerated, false, misleading, out of proportion, nothing compared to what is happening to Microsoft. It's great that X will never run on Dells also great that XP will never run on Macs, why would you put a Porsche engine in a Bug, why would you want to ruin good hardware with XP, Mac hardware is better built, and totally immune to all viruses and malwares, did I say that it was no more expensive than Dells? trying to install X on Dells is stealing, did I mention how cool it is? Apple is not selling computers but (check one) a lifestyle, an integrated solution. I am so much more productive, why does everyone want to persecute Apple, the MacIntels are so much greater than PPC, PPC was great too in its day, but.....

To start this message again, press 1. To start this message again, press 1. Sorry, there are no other choices. Sorry, you cannot hang up now. Please wait while we rewind.

Did I tell you that Mac hardware is better built....

Reply Score: 5

deathshadow Member since:
2005-07-12

Wow, now THAT was funny... especially the "Mac Hardware is better built" part being double emphasized... since as someone who's had more than his share of macs apart on the bench, from the old Mac Plus to the toilet seat iBook to a dual G5...

They aren't built as good as a dell (well, not entirely fair. Dell uses CHEAP rinky casings across the board) - if anything the construction (with the corresponding corner cutting and proprietary everything) is on par with what Packard Bell used to make (and no, that's NOT a ringing endorsement). Layout meant to restrict even a seasoned technician from doing the simplest tasks, engineering choices that are flat out "Whiskey Tango Foxtrot" (like all the sub 700mhz iBooks lacking heat sinks and having insulating foam over the chips instead!)... Oh yeah, real quality hardware.

Again, something I hear people lavish with praise... I haven't seen it in the past, I don't see it on the current stuff... I just don't get it.

Reply Score: 2

tryphcycle Member since:
2006-02-16

>>>Wow, now THAT was funny... especially the "Mac Hardware is better built" part being double emphasized... since as someone who's had more than his share of macs apart on the bench, from the old Mac Plus to the toilet seat iBook to a dual G5...

They aren't built as good as a dell (well, not entirely fair. Dell uses CHEAP rinky casings across the board) - if anything the construction (with the corresponding corner cutting and proprietary everything) is on par with what Packard Bell used to make (and no, that's NOT a ringing endorsement). Layout meant to restrict even a seasoned technician from doing the simplest tasks, engineering choices that are flat out "Whiskey Tango Foxtrot" (like all the sub 700mhz iBooks lacking heat sinks and having insulating foam over the chips instead!)... Oh yeah, real quality hardware.

Again, something I hear people lavish with praise... I haven't seen it in the past, I don't see it on the current stuff... I just don't get it.>>>

Ok... I am pretty sure the above statement was written specifically to get a rise out of someone and if that is the case... then disregard this post. If in fact it has not been written by a troll and this poster REALLY feels this way... then.... well... it got a rise out of me!

To say that a mac has the same build quality as a PackardBell (which have long been out of biz) is just completely ludicrous!!!! Or even to say the dells are built better than macs... it's a total f'n joke! Even if you are NOT a mac zealot... any normal person would be able to open a g5 or a g4... and compare them to a windows computer (of any brand) and see that the apples absolutely drip with quality compared to the erector-set windows box!!!! Apple is the ONLY computer company that designs computers the owners have an impossible time getting rid of once they become (obsolete) because they are so well built and designed! Hell, I just got rid of my 8100/120... and I was sad!!!!

Apple has built some computers that made you scratch your head as to why they designed it that way (my 8100/120 was a bi#ch to open and add memory.... and the fact that the new iMacs are similarly hard to get into).... but to say that apples are anything but the best built and designed PCs out there is just plain wrong! Consumer Reports CONSISTENTLY make that claim!

The person that wrote the attached article must be totally insane!

Reply Score: 1

WorknMan Member since:
2005-11-13

They aren't built as good as a dell (well, not entirely fair. Dell uses CHEAP rinky casings across the board) - if anything the construction (with the corresponding corner cutting and proprietary everything) is on par with what Packard Bell used to make (and no, that's NOT a ringing endorsement). Layout meant to restrict even a seasoned technician from doing the simplest tasks, engineering choices that are flat out "Whiskey Tango Foxtrot" (like all the sub 700mhz iBooks lacking heat sinks and having insulating foam over the chips instead!)... Oh yeah, real quality hardware.

Are you kidding me? My Dell is whisper quiet and a breeze to get in and out of - even replacing drives is a snap. And my mechanical skills are definitely NOT top-notch .. that's why I buy these damn things prebuilt ;)
I'm not saying that Dell makes better or worse products than anybody else, but I've been buying them since 1995 and other than a hard drive, have never had a problem with any of them.

Reply Score: 1

Alex Forster Member since:
2005-08-12

Oh yeah? Try cutting your hand on a Mac without the case open. Try telling people that your PC's off when it's actually on.

The last thing I would expect someone to debate is Mac's hardware quality.

Reply Score: 1

anonymous-bert
Member since:
2006-02-16

The following is still not remediated....

http://www.adbas.net/OSX_Vuln.txt

Reply Score: 5

copy
by sp29 on Thu 16th Feb 2006 17:12 UTC
sp29
Member since:
2006-01-04

sorry im pulling

"Mac hardware is better built, it is no more expensive than Dell"

Right, but OS X is made better than XP. It's not the machine, it's the OS and Microsoft has something to prove if it's going to keep me buying its OS, because right now I have PCs and Macs and I'm more happy with the Mac over the PC. I never have to deal with Bluescreens (early XP) and spywares, etc on OS X.

Reply Score: 2

Close but no cigar
by Sphinx on Thu 16th Feb 2006 17:29 UTC
Sphinx
Member since:
2005-07-09

That's not a trojan, it's an I.Q. test.

Reply Score: 5

nope
by sp29 on Thu 16th Feb 2006 18:54 UTC
sp29
Member since:
2006-01-04

"Once security holes in OS/X are identified and exploited just as they have been in XP similar issues will occur."

That's not true at all, because Mac OS isn't XP, so you can't come to that same conclusion based on your knowledge with Windows XP.

Edited 2006-02-16 18:56

Reply Score: 2

Related story
by thabrain on Thu 16th Feb 2006 19:19 UTC
thabrain
Member since:
2005-06-29
What's next?
by TaterSalad on Thu 16th Feb 2006 19:23 UTC
TaterSalad
Member since:
2005-07-06

Now that we have one trojan that's been reported you could almost say it's a proof of concept. With this out there I'm going to have to ask what will come next for OS X, or any *nix for that matter?

Reply Score: 2

Oompa-Loompa
by netpython on Thu 16th Feb 2006 19:36 UTC
netpython
Member since:
2005-07-06

"You cannot be infected by this unless you do all of the following:

1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file

2) Double-click on the file to decompress it

3) Double-click on the resulting file to "open" it

...and then for most users, you must also enter your Admin password."

http://www.ambrosiasw.com/forums/index.php?showtopic=102379

Reply Score: 3

RE: Oompa-Loompa
by TaterSalad on Thu 16th Feb 2006 19:41 UTC in reply to "Oompa-Loompa"
TaterSalad Member since:
2005-07-06

But it is possible, and that's what counts. Don't underestimate someone trying to simplify the process of getting people infected.

Reply Score: 2

Don't forget...
by JimmyBob on Thu 16th Feb 2006 20:31 UTC
JimmyBob
Member since:
2006-02-16

Not being pessimistic but, I don't think any of us Macfolk should get too complacent... there are some seriously smart and rather malicious people out there. Someone will come up with SOMETHING that will scare the pants off us, and it may be that Mum and Dad public help out with that, it's not inconceivable.

That said, it's not like I have a backup regime or even a Virus Checker and I do believe we are at least a little safer than the other side...

Reply Score: 1

I can't wait for a real apple virus
by monkeyhead on Fri 17th Feb 2006 00:41 UTC
monkeyhead
Member since:
2005-07-11

Maybe then the mac-fanboys will shut the hell up. I think mac fanboys have almost exceeded linux fanboys in annoyance factor.

Reply Score: 2

Duffman Member since:
2005-11-23

" I think mac fanboys have almost exceeded linux fanboys in annoyance factor."

Don't think so, especially when a linux fan boy wrote this (I just checked your old comments in your profile).

Anyway, whether you are a linux fan boy or not, fan boy comments only hurt other fan boys.

Reply Score: 1

So....
by Finchwizard on Fri 17th Feb 2006 01:43 UTC
Finchwizard
Member since:
2006-02-01

So, you accept the file, decompress the file, run the file, enter a password and you're infected.

Then you have to go and turn on Bonjour, to start sending out the thing to other people.

I don't think you can call that a Virus or Trojan, I think that's just Malware with all the things you need to do to get it to run.

Reply Score: 1

RE: So....
by ma_d on Fri 17th Feb 2006 02:52 UTC in reply to "So...."
ma_d Member since:
2005-06-29

Nope, pretty typical definition of a Trojan. Trojan is a subset of malware.

Reply Score: 1

Not true!!!
by Hakime on Fri 17th Feb 2006 02:53 UTC
Hakime
Member since:
2005-11-16

A lot of virus companies want to make us believe that this is the first trojan on OS X, no it's not the first, people seem to have short memory.

In April 2004, a trojan similar in the way it works was found by a French security company. The malicious code was hidden in the ID3 tag of an MP3 file, so the trojan appeared to the user as an MP3 file that they can listen to. Once opened the malicious code could be executed.

So no, Leap-A is not the first trojan on OS X, and like the previous one(s), it requires the user to open it and execute. And Leap-A is even less dangerous as OS X requires an administrator password to execute it which can help the user to figure out that it's suspicious as it appears as a jpeg file.

It's really not sophisticated and many of this kind of malicious code have existed on Unix and Linux.

Now the windows fanboys can come here to shout Ahhhh you see!!! The fact is that they would love to have only this kind of malicious code on windows which is basically much much weaker compared to the much more dangerous virus that target windows security holes.

Reply Score: 1

Total fix and clarification
by garyewade on Fri 17th Feb 2006 05:23 UTC
garyewade
Member since:
2005-08-17

First I would like to clarify something even Apple got wrong... Leap.A is a VIRUS not a Trojan and not a Worm, let me explain..

There are three MAIN malwares in the computing world, with the ones above overriding the lower types based on function. (If it has worm qualities then it's a worm even if it has other qualities)

1. Worm (worse than a virus or trojan) (spreads over a network without any user interaction usually by exploiting a vulnerability)

2. Virus (worse than a trojan) (infects programs, files, and usually self propagates by user action)

3. Trojan (a program that acts like something that it's not, usually what the user wants, but instead has malicious intent)

Leap.A fits the bottom two (Which means it is a Virus), it fools the user into opening it by pretending to be something else like a trojan, and then self propagates and "infect" other programs like a virus (Which by the way does so without ANY prompts as soon as you open it if you are like most people and are logged in as an administrator).


This is what Apple can do to fix this problem...

Show the user (regardless of the icon) that the file is an executable, a glow would be very good... Require admin password if an application/process/script is trying to modify ANY FILE OR FOLDER on the system that is not already known to be modifiable by it. (maybe a database where every user that is created is added and ANY known processes/programs/scripts... Any NEW processes/programs/scripts(ANYTHING executable) should be able to modify the given files/folders AFTER you give it the authority to do so via admin password and then it is added to the database and it can THEN modify THOSE files etc.)

Edited 2006-02-17 05:24

Reply Score: 1
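The idea in the post above, flagging an executable regardless of its icon or name, can be approximated by inspecting an archive before anything is unpacked. This Python sketch is an added example, not code from the thread or from Apple; the archive members, their names and their bytes are constructed sample data.

```python
import io
import tarfile

# Leading bytes of content the OS can run rather than display.
EXEC_MAGICS = [
    (b"\xfe\xed\xfa\xce", "a Mach-O executable"),
    (b"\xce\xfa\xed\xfe", "a Mach-O executable"),
    (b"\xfe\xed\xfa\xcf", "a Mach-O executable"),
    (b"\xcf\xfa\xed\xfe", "a Mach-O executable"),
    (b"\xca\xfe\xba\xbe", "a Mach-O universal binary or Java class"),
    (b"\x7fELF", "an ELF executable"),
    (b"#!", "a script with an interpreter line"),
]


def classify(head):
    """Return a label if the leading bytes look executable, else None."""
    for magic, label in EXEC_MAGICS:
        if head.startswith(magic):
            return label
    return None


def scan_archive(blob):
    """List (member name, reasons) for runnable members; nothing is written to disk."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            reasons = []
            if member.mode & 0o111:  # any owner/group/other execute bit
                reasons.append("execute permission bit set")
            kind = classify(tar.extractfile(member).read(4))
            if kind:
                reasons.append("content is " + kind)
            if reasons:
                findings.append((member.name, reasons))
    return findings


def build_sample():
    """Constructed archive: a plain JPEG, a disguised binary, a script named .jpg."""
    members = [
        ("holiday.jpg", 0o644, b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("latestpics", 0o755, b"\xfe\xed\xfa\xce" + b"\x00" * 16),
        ("party.jpg", 0o644, b"#!/bin/sh\necho constructed sample\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in members:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            info.mode = mode
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample()):
        print(name + ": " + "; ".join(reasons))
```

The check relies on the stored permission bits and the first bytes of each member, so a picture-like name or icon does not change the result.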

RE: Total fix and clarification
by Hakime on Fri 17th Feb 2006 06:24 UTC in reply to "Total fix and clarification"
Hakime Member since:
2005-11-16

Hummm...

I would rather follow the analysis of Andrew Welch, that concluded that it was a Trojan.

http://www.ambrosiasw.com/forums/index.php?showtopic=102379

As you said a Trojan is a program that acts like something that it's not, usually what the user wants, but instead has malicious intent. And this is exactly what Leap-A does. It fakes a jpeg file but executes malicious code instead.

So no it's not a virus because most viruses today can spread without the interaction of the user. In the case of Leap-A, the user has first to accept the incoming file in iChat, then the user has to click on the archive to be unpacked and then to click on the file to open in order that the malicious code executes. That's too many conditions for a virus that can usually spread with much less interaction from the user.

And about the administrator question, I have to say that I tried this Leap-A on my system and even being logged in as an administrator the system asked me for a password to execute the file. Indeed because the executable code changes directories in the system as it creates files in /tmp. Such changes require most of the time a prompt on OS X even logged in as an administrator. Only if the user is logged in as root user, then no prompt is required to change such directories.

I don't know why some people have not been prompted before executing the file, but on my system it did happen.

Reply Score: 1

Every OS is vulnerable
by dingodog2 on Fri 17th Feb 2006 08:49 UTC
dingodog2
Member since:
2006-02-17

Look guys it doesn't matter if it is a virus or a trojan or a hotdog what matters is that it shows that if someone with malicious intent spreads something like Leap-A that even Apple's OS is vulnerable.

To a lesser extent Linux and BSD because users of these two operating systems tend to be more technical in the sense that the group of users who know something about computers is larger compared (to the group of average Joes) on other platforms.

On windows and Mac there are more average Joes so it's more likely to do more damage there. Also windows has a larger userbase so virii spread easier on windows platforms. Windows for a lot of software requiring admin rights makes it so that most users run windows under an admin account. That's where the problem is, not that windows is less secure as such.

Honestly I think windows xp is not a bad OS at all if used as it's supposed to be used. BTW I tried to run that rm -rf thing on my XP box but nothing happened, so I guess windows is a safe platform ;-)

Edited 2006-02-17 08:52

Reply Score: 1

RE[6]: Deserved
by jaboua on Fri 17th Feb 2006 13:45 UTC
jaboua
Member since:
2005-09-08

I've tried it on my mom's box for a time - sygate personal firewall (windows firewall is a joke IMO) + restricted account worked a lot better regarding viruses and such. But it doesn't solve everything - without the admin privileges, a lot of software won't work, for example the software for our DV videocamera...

Reply Score: 1

People who engage...
by Tuishimi on Fri 17th Feb 2006 16:02 UTC
Tuishimi
Member since:
2005-07-06

...in questionable activities on the web are going to get a virus. ;) By that I mean if you are one of those users who visit tons of sites clicking on the "An unknown provider wants to install something on your PC. Allow it?" *clicks OK*... then you are going to be hosed. If you open email that starts with "aLicE sAys..." or "I love you!" and you don't recognize who it is from, well, you're hosed.

All PC's should run behind a firewall of some sort, to boot and lock down file access/privs... never run an account that has any kind of admin privs!!

It's pretty simple. Just use cautious, common sense.

Reply Score: 1

ANOTHER Virus/Worm???
by garyewade on Fri 17th Feb 2006 16:51 UTC
garyewade
Member since:
2005-08-17

OSX.Inqtana.A
http://securityresponse.symantec.com...a8783e627e9ba2

Another virus??? Or in this case a Worm??? What is going on here??? Vulnerability??? What vulnerability???

Reply Score: 1

garyewade
Member since:
2005-08-17

Security in a connected world is something we should ALL be educated about, but it seems that most OSX users are confused (thanks to Microsoft) as to what they can actually do in regards to their computer security. Some things are true and actually should be done, like using anti-malware software, yes, even on your Mac, which would not only help keep known bad files from getting on your system but also help keep from spreading them to others even if all it does is display a message on the screen...

Read the following sites... Empower, Educate, and learn the truth for Yourself:

http://www.apple.com/macosx/features/security/
http://www.kernelthread.com/mac/osx/
http://www.macdevcenter.com/pub/a/mac/2004/02/20/security.html
http://developer.apple.com/internet/security/securityintro.html
http://www.princeton.edu/~psg/unix/osx/osxsecurity.html

Oh and many people are saying XP is more secure than OSX because it has been patched so much already, but this falsely presumes OS X is like XP which it's NOT (Windows XP is just a HUGE band-aid on top of other band-aids).

Windows (except version 3.x and earlier which is actually an operating environment not an OS) is based off an old crappy system called QDOS (Quick and Dirty Operating System) which isn't even Microsoft's creation (like always MS looks for the quick solution without doing it right the first time, this will be their downfall). Until MS redesigns windows from the ground up totally from scratch or base it on BSD (which is the smart thing to do, but they won't because they are a monopoly and want to own everything) their OS will be insecure and just plain crappy and problematic.

Reply Score: 1

This have not virus category
by ActiveMan on Fri 17th Feb 2006 22:37 UTC
ActiveMan
Member since:
2006-01-15

A virus should be scalable and reach root privileges (using a flaw in the OS). A malicious program that stays in user land is only another rm ~/* script.

Reply Score: 1