Mac OS X Virus/Trojan Summary

Discussion in 'MacRumors News Discussion (archive)' started by MacRumors, Feb 16, 2006.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1

    The announcement of the release of a Mac OS X trojan/virus/worm yesterday has drawn a lot of attention, confusion and significant misinterpretation. While much of the attention was aimed at the "virus vs trojan" distinction, this energy was misguided.

    On the one hand, some users were quick to dismiss it as a simple "trojan" that anyone could easily script in minutes. While the application was set up to trick the end-user into launching it, the resultant actions it took were far more sophisticated as it was designed to inject itself into other applications on the user's hard drive. Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)

    On the other hand, several saw this as a much more ominous sign for the Mac platform. However, this application itself is of a rather limited threat by the nature of its propagation -- and no particular Mac OS X vulnerability exists which allows the unimpeded transmission of a virus. Unless you specifically downloaded and launched this file, there is no way your Mac could have been infected.

    The significance of this event is simply the intention behind the release of such malware under Mac OS X.

    For additional reading, Symantec provides a step-by-step guide on what happens when the application launches and what modifications it makes to the user's applications, while Andrew Welch of Ambrosia SW finished a detailed technical summary of the application.

     
  2. Guest

    iGary

    Joined:
    May 26, 2004
    Location:
    Randy's House
    #2
    Scary. For real - this is the first time ever I have doubted the security of my Mac. :(
     
  3. macrumors 68040

    Daveway

    Joined:
    Jul 10, 2004
    Location:
    New Orleans / Lafayette, La
    #3
    Now we just have to see how Apple compares to Microsoft on turn around updates.
    I find it amusing that the first possible malicious code to attack the Mac platform was released here at our nice forum. :)
     
  4. macrumors 6502

    X5-452

    Joined:
    Feb 16, 2006
    Location:
    Calgary, Canada
    #4
    I read the whole thing on the Symantec website, but I'm still a little confused. What would the end-user see? I know what the malware technically did, but what did it visually do? What was its purpose?
     
  5. macrumors Core

    iBlue

    Joined:
    Mar 17, 2005
    Location:
    London, England
    #5
    to piss us off, that's my guess. and in a roundabout way, it worked.
     
  6. macrumors 68030

    Joined:
    Sep 20, 2005
    Location:
    New Jersey
    #6
    Same here. I feel a lot better now, though. This exploit definitely did open my eyes to security flaws and how to protect myself from them. While there is no real Mac "virus", this trojan certainly had a lot of Mac users on the edges of their seats. To tell you the truth, I can see another trojan like this one happening, but in a more serious fashion. The instructions were practically unveiled to the public... no offense to MacRumors.

    But hey, this isn't scary. If you have common sense and take precaution, a future trojan can be easily avoidable. I'm sure Apple will release some sort of patch to aid users in the future.

    I'm still relieved it isn't an actual virus... if it was, then I'd be scared.
     
  7. macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #7
    I think they have to figure out just what to do first. Change all applications to be owned by root? Or tell users not to double-click on unknown files (which I stopped doing altogether after the MP3 proof-of-concept).
     
  8. macrumors 68030

    risc

    Joined:
    Jul 23, 2004
    Location:
    Melbourne, Australia
    #8
    How do you patch against users downloading and running applications from people they don't know?
     
  9. Guest

    iGary

    Joined:
    May 26, 2004
    Location:
    Randy's House
    #9
    Well no more file transfers via iChat.

    It will be interesting to see if Apple even responds to this.

    My guess is....NOT.
     
  10. macrumors 603

    2nyRiggz

    Joined:
    Aug 20, 2005
    Location:
    Thank you Jah...I'm so Blessed
    #10
    That freaking Bas$$%^$ that posted that crap should be placed in the middle of a town and burned before all the Mac heads......na just kidding


    Bless
     
  11. macrumors Core

    iBlue

    Joined:
    Mar 17, 2005
    Location:
    London, England
    #11
    naaah, but it would be nice to unzip and tar him ;) :D
     
  12. macrumors 65816

    faintember

    Joined:
    Jun 6, 2005
    Location:
    the ruins of the Cherokee nation
    #12
    You can't, but Apple could make the OS look at any downloaded file and see if it contains an executable, and notify the user of this, maybe as other posters have mentioned on another thread, by making the icon and text have a "glow" to them that is only visible on executable files. Sounds like it is a step in the right direction for those less-knowing Mac users.
     
  13. macrumors 68000

    Danksi

    Joined:
    Oct 3, 2005
    Location:
    Nelson, BC. Canada
    #13
    Isn't this the key issue here? - I assumed Windows was the only OS that allowed this kind of access by default. Could provide Apple with a little usability challenge.

    (I've since created a new admin account and demoted my day-to-day account to 'standard')
     
  14. macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #14
    You are such a geek. :rolleyes:
    So am I, I laughed :D
     
  15. macrumors 68030

    Joined:
    Sep 20, 2005
    Location:
    New Jersey
    #15
    This sounds like a good idea. Patch it in a stealthy manner, but nothing over bloated like separate software running in the background taking up resources. The average user probably wouldn't recognize a "glow" as hazardous, however. Perhaps a small red ! icon can appear in front of the file that may be dangerous to open.

    I just hope Apple does something about this... I think they would. They seem to care about their OS being the best one on the market. I don't think they would let some trojan knock them off that path.
     
  16. macrumors 65816

    Felldownthewell

    Joined:
    Feb 10, 2006
    Location:
    Portland
    #16
    True, there is no patch for stupidity, but Apple could publish the writer's address and phone number. :)
     
  17. macrumors Core

    iBlue

    Joined:
    Mar 17, 2005
    Location:
    London, England
    #17
    here's an idea...

    [​IMG]
     


  18. macrumors 65816

    faintember

    Joined:
    Jun 6, 2005
    Location:
    the ruins of the Cherokee nation
    #18
    p0intblank, I can't take credit for the idea, it was posted by another MR member on a separate thread about the new trojan. This seems like an easy enough thing to stop, but then again I am not a programmer, so what do I know.

    All I know is an executable, at some level, has to look like an executable to the OS, so why not visually distinguish them from other file types for the user?

    Edit: Good point iBlue, but why not make that, and say the "red text" or "exclamation" all on by default with no way of turning them off? No harm in that....
     
  19. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #19
    Unless, as John Dvorak is suggesting, they really are just planning on adopting Windows anyways... ;)
     
  20. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #20
    If you want to side-step definitions of what a virus is (some would call this a very weak virus, others wouldn't), your best bet is to tell people there's never been an OS X virus that could function without the user's help. (Several steps of help, in fact.)
     
  21. macrumors 65816

    Felldownthewell

    Joined:
    Feb 10, 2006
    Location:
    Portland
    #21

    I saw that on mac addict, had a spasm of terror, then started laughing and couldn't stop.
     
  22. macrumors 6502

    Stewie

    Joined:
    Jan 6, 2004
    Location:
    DC
    #22
    Best Fix

    The best thing that Apple can do to fix this problem is require any person buying an Apple computer to pass an intelligence test. If you fail you don't get to own one of their computers. The problem is stupidity and I don't think that it is the job of Apple to protect us from ourselves. My feeling is that if you are dumb enough to open a file from a source you are not sure of then you get what you deserve. Kinda like the idiot that puts his hot fast-food coffee between his legs and then burns himself when it spills. With any luck those idiots will sterilize themselves and we won't have to worry about them dumbing down the gene pool any more than it already is.

    I have a zero tolerance policy on stupidity.

    My $0.02
     
  23. macrumors 68030

    Joined:
    Sep 20, 2005
    Location:
    New Jersey
    #23
    Is he serious? How can he listen to himself when talking? This will never happen... :rolleyes:
     
  24. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #24
    At first I suggested a mouseover glow effect... but now I think the glow on executables should be a permanent throb. More noticeable, and it wouldn't waste much CPU power since how often do you have to have Finder windows open and showing apps anyway?

    Apps in folder pop-up menus from the Dock should throb as well. And in Column view if you have icons turned off, a symbol should throb next to executables.
     
  25. macrumors member

    Joined:
    Jan 31, 2006
    #25
    Answer: You don't.

    All that happens is that businesses such as Data Doctors open and charge lots of money to fix people's computers. Data Doctors is making huge amounts of money from stupid users who do stupid things with their computers (mostly PCs). This is good by the way because when I go by a Data Doctors location, I get the opportunity for a laugh. Mostly at the stupid users inside getting repairs. lol
     
