DOH! Be careful not to listen to a word I say.

Discussion in 'General Mac Discussion' started by Felix_the_Mac, Sep 14, 2004.

  1. Felix_the_Mac macrumors member

    Joined:
    Aug 18, 2003
    Location:
    UK
    #1
    I am stupid.
    Really, really stupid.

    For no good reason, (since I don't need it and it is not exactly exciting), I decided to download a torrent of a particular well known productivity suite.

    Now I have read messages elsewhere from people who have downloaded very similar stuff before. Did I mention that my IQ is similar to the percentage of nitrogen in the earths atmosphere?
    (My only defense is that these other idiots were talking about a preview file which was less than 2MB whereas I downloaded 280 MB)

    So this .zip file duly downloaded and automatically (?!) unpacked itself.
    (Zip file ... was that a clue?)

    I try to launch iCal and am surprised that it cannot be found, so I investigate my Applications folder and the trash but it has gone.
    Then I notice a large amount of processor and disk activity and it slowly dawns on me that I have been had. The zip file contained a script to do nasty stuff to my machine.

    Have finally caught on to what is happening I shutdown my machine.
    Now (having restarted) I can't even tell what damage has been done.

    Until yesterday I was one of those peole who bragged about how secure and safe and virus free Mac OS X was. Also, I was one of those people who advised against using AV software on Mac OS X. Now I don't feel so good.

    I am pretty security conscious:
    i) I use the firewall
    ii) My OS is up to date with all patches
    iii) I use Little snitch to catch rogue apps trying to access the internet.
    iv) I use FileVault
    V) I use secure passwords (try out apg Automatic Password Generator)

    but none of this did me any good.

    Also, I was going to backup my machine last night but the pron was too diverting.

    Questions:
    1) Is there any way I can figure out what has been deleted?
    2) Arent recent security patches supposed to prevent this?
    3) Would one of the major AV packages have prevented this?

    DOH! Bad Dobbie! Naughty Dobbie!!! :mad:
     
  2. Diatribe macrumors 601

    Diatribe

    Joined:
    Jan 8, 2004
    Location:
    Back in the motherland
    #2
    If it was a script there's not much you can do besides using common sense, which seems to have left you. Scripts are not viruses they are simply macros and since you should never execute one you don't know....
    You know all the steps to prevent it: use common sense. If you can't you may need to set up your account with reduced privileges ;)

    And having made no backup before installing torrent software? That's asking for trouble but again: common sense.
     
  3. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #3
    I'll let you assume I'm chuckling a little bit throughout this... it is unfortunate for you but downloading programs you shouldn't have is a no-no. I would of course be saddened if it was myself in your current situation. I feel for you but I also feel like laughing... :)

    Soooooooo...

    OS X is not supposed to prevent against this in any way, shape, or form. It does allow me to write a program and/or script that will delete whatever I want (within permissible reason). Most likely you executed the program, maybe even typed in your password to let it install. There is no reason for OS X to prevent this.

    It's doubtful a virus scanner would have caught this. Unless it was actually a virus which I'm getting the impression it wasn't since there are currently no virus's for OS X. It was most likely a program that just deletes things. There's nothing against writing one of these.

    There probably isn't a good way to determine what was lost. I doubt the program kept a log (you can poke around to see if it did). I would recommend formatting the system. Aside from deleting files who knows what else the program has done. It may have installed a key logger, disabled Little Snitch, etc, etc.

    Have fun. I hope we've all learned something here.

    *gives Felix_The_Mac a little hug while laughing a little bit*
     
  4. BakedBeans macrumors 68040

    BakedBeans

    Joined:
    May 6, 2004
    Location:
    What's Your Favorite Posish
    #4
    hmmmm........ well.... thats a bit of a bugger isnt it...
     
  5. Felix_the_Mac thread starter macrumors member

    Joined:
    Aug 18, 2003
    Location:
    UK
    #5
    Thanks for the hug!

    To clarify:

    1) I did not enter my password at any time (I would have woken up if I had seen th prompt)

    2) It wasn't just a script. It was a file called xyz.zip of approx 280MB. Following the download I did not take any further action.

    3) It was not a valid .zip file since neither Stuffit nor winzip could unpack it.

    4) It's default application launcher was BOMArchiveHelper

    I think it either contained a handler ie: run script: xys (or whatever it is) which I believe was the target of recent security patches
    OR
    it was actually a .app renamed to xyz.zip.

    (I think is might have to downlaod it again to investigate!)
     
  6. Counterfit macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #6
    Didn't that fake file come out a week or two before the official release of (un)said suite? :rolleyes:
     
  7. Felix_the_Mac thread starter macrumors member

    Joined:
    Aug 18, 2003
    Location:
    UK
    #7
    Yes, that is what I shall do.

    One user for work & mail
    One user NOT ADMIN for internet, torrents, pron

    Backup my preferences from the internet user regularly to a folder in ~/Work User/

    Maybe set up a log off script for the Internet user to copy its prefs to /Users/Shared and a log on script for the Work user to comove them to ~/prefs_backup.

    If I put my mind to it I may be able to protect myself against my own stupidity :).
     
  8. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #8

    Nah... something else will come up... ;)
     

Share This Page