Category: 3rd Party Software
Link: Fake Word 2004 demo file causes irradication of a mac\'s Home folder
Posted on MacBytes.com
Approved by Mudbug
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Fake Word 2004 demo file causes irradication of a mac's Hom...
- Thread starter MacBytes
- Start date
- Sort by reaction score
Category: 3rd Party Software
Link: Fake Word 2004 demo file causes irradication of a mac\'s Home folder
Posted on MacBytes.com
Approved by Mudbug
I love it. If you Pirate software you have to be ready for the consequences. A malicious file on the other hand should be the least of your worries.
Now THAT"S funny.
I love his explanation: "I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta."
Yes, and we all know that downloading off Limewire would be much quicker than downloading from Microsoft's servers. Geez.
I love his explanation: "I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta."
Yes, and we all know that downloading off Limewire would be much quicker than downloading from Microsoft's servers. Geez.
Just out of curiosity, is there any way to tell, just by examining the file itself, that it is not actually MS Word 2004?
(And before I get a lecture about pirating software, I own a copy of Office X, which I paid for, and have no intention of upgrading to 2004.)
(And before I get a lecture about pirating software, I own a copy of Office X, which I paid for, and have no intention of upgrading to 2004.)
Flowbee said:
Nah, it's the whole problem of proving a negative.
When software gets released online, the real distributors will offer downloads directly, provide an official list of mirror locations, and/or supply checksums (usually MD5 hashes). Anonymous distribution channels like p2p networks are a really bad place to get executables or sources, unlless you can also get that checksum (and preferably size too) information from a trusted source.
I assumed your comment was a joke, i.e., you were pretending that it might have been MS Word 2004 itself that he downloaded, and that it had a small bug that wipes out your home folder.Flowbee said:
If that's what you meant, good joke!
If that's not what you meant, then I claim that joke as my own!
wow, now that's just got to suck
Unfortunately, this might just be the beginning - I'm sure more will be showing up soon...
D
Unfortunately, this might just be the beginning - I'm sure more will be showing up soon...
D
Doctor Q said:
No joke intended (rare for me, I know). Just wondering if there are any obvious (or not so obvious) give-aways that the file you've downloaded is not what it claims to be.
There's a pretty good discussion of the issue here (MacOSXHints).
And I believe I read there that checking the file size will not necessarily work because this Unix command could also be inserted into the ID tags of, say, a song file (remember last month's proof of concept trojan?), although it seems to me that Apple already did what they could to patch that exploit.
For this particular trojan, one particular protection would be to create a dummy user to open all suspect files, but if the Unix command deleted more than just your user folder, that wouldn't help much.
Essentially, it sounds like the only protection is not to open a file that you don't trust. Call it an MPAA conspiracy, but it sure makes P2P seem like a lot less fun.
And I believe I read there that checking the file size will not necessarily work because this Unix command could also be inserted into the ID tags of, say, a song file (remember last month's proof of concept trojan?), although it seems to me that Apple already did what they could to patch that exploit.
For this particular trojan, one particular protection would be to create a dummy user to open all suspect files, but if the Unix command deleted more than just your user folder, that wouldn't help much.
Essentially, it sounds like the only protection is not to open a file that you don't trust. Call it an MPAA conspiracy, but it sure makes P2P seem like a lot less fun.
dont you have to enter an admin password to delete the home directory? who wants to test the idea? hehe
I only posted this on MacRumors because it has gotten so much attention on various sites.
But my opinion is "no **** sherlock". I don't actually think the person here was an "innocent victim". You search for "Word 2004" on Limewire, then you take your risks.
arn
But my opinion is "no **** sherlock". I don't actually think the person here was an "innocent victim". You search for "Word 2004" on Limewire, then you take your risks.
arn
Not for your own home directory.Marble said:
This is just a case of user stupidity and greed. Nothing to do with MacOS X. It is equally doable on Linux, FreeBSD, Windows ...
You have to take and pass a test to drive a car. I wish the same were true of using computers and the internet.
Flowbee said:
Sure. In this guys case, all he needed to do was use Get-Info. Once the Finder's Get Info window displays, he could have clicked on the icon at the top of this window, then pressed the Delete key. Being that this was an AppleScript, it would have displayed the generic AppleScript applet icon.
I don't use Word, so I can't check the installer icon, but I'd assume you could use the same approach.
Jetson said:
hahah. This guy told us that he was going to pirate Microsoft Word 2004.
He didn't do us a favor. If you're going to pirate software, you should get a virus (let's just call it a slap on the wrist).
Download a demo version. haha, I wonder how long it took him to come up with that excuse.
dontmakemehurtu said:
Interesting moreso that one of those is a concept and the other is a trojan, not a virus.
dontmakemehurtu said:
i would no call it a virus though. i could make an applescript that would do this in 5 lines.
it is just a way to have some ignorant fool (purposefully) delete their home directory. no root files can be touched with this, without a password.
Released exclusively on Limewire.
I'm sure that's where everyone goes when looking for public betas of software.
