
FosterKanig

macrumors member
Jul 9, 2003
54
0
Now THAT'S funny.

I love his explanation: "I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta."

Yes, and we all know that downloading off Limewire would be much quicker than downloading from Microsoft's servers. Geez.
 

Flowbee

macrumors 68030
Dec 27, 2002
2,944
0
Alameda, CA
Just out of curiosity, is there any way to tell, just by examining the file itself, that it is not actually MS Word 2004?

(And before I get a lecture about pirating software, I own a copy of Office X, which I paid for, and have no intention of upgrading to 2004.)
 

iMeowbot

macrumors G3
Aug 30, 2003
8,634
0
Flowbee said:
Just out of curiosity, is there any way to tell, just by examining the file itself, that it is not actually MS Word 2004?

Nah, it's the whole problem of proving a negative.

When software gets released online, the real distributors will offer downloads directly, provide an official list of mirror locations, and/or supply checksums (usually MD5 hashes). Anonymous distribution channels like p2p networks are a really bad place to get executables or sources, unless you can also get that checksum (and preferably size too) information from a trusted source.
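The check described in the post above, as an added example that is not part of the original thread: compare a downloaded file's size and checksum against values published by the distributor. The function names, the sample bytes and the "published" values are constructed for illustration; in real use the expected size and digest must come from the trusted source, never from the same channel as the file.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=65536):
    """Stream the file through the hash so large downloads need little memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, expected_size, expected_digest, algorithm="md5"):
    """Return (ok, reason). md5 is what the post names; pass e.g. 'sha256'
    when the distributor publishes that instead."""
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:  # cheap check first, no hashing needed
        return False, f"size mismatch: got {actual_size}, expected {expected_size}"
    actual = file_digest(path, algorithm)
    if not hmac.compare_digest(actual, expected_digest.strip().lower()):
        return False, f"{algorithm} mismatch: got {actual}"
    return True, "size and checksum match the published values"

def demo():
    """Run the check on three constructed files: genuine, altered, wrong size."""
    genuine = b"constructed installer payload\n" * 4096   # 120 KB sample
    published_size = len(genuine)                          # stand-in for the
    published_md5 = hashlib.md5(genuine).hexdigest()       # distributor's values
    samples = [
        genuine,                    # the real thing
        genuine[:-1] + b"X",        # same size, one byte changed
        genuine[:108 * 1024],       # wrong size
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for i, data in enumerate(samples):
            path = os.path.join(tmp, f"download_{i}.bin")
            with open(path, "wb") as f:
                f.write(data)
            results.append(verify_download(path, published_size, published_md5))
    return results

if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```

A matching size alone proves nothing, as the second sample shows; it is only a fast way to reject an obviously wrong file before hashing.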
 

Doctor Q

Administrator
Staff member
Sep 19, 2002
39,241
6,098
Los Angeles
Flowbee said:
Just out of curiosity, is there any way to tell, just by examining the file itself, that it is not actually MS Word 2004?
I assumed your comment was a joke, i.e., you were pretending that it might have been MS Word 2004 itself that he downloaded, and that it had a small bug that wipes out your home folder.

If that's what you meant, good joke! :)
If that's not what you meant, then I claim that joke as my own! :p
 

Mr. Anderson

Moderator emeritus
Nov 1, 2001
22,558
0
VA
wow, now that's just got to suck :D

Unfortunately, this might just be the beginning - I'm sure more will be showing up soon...

:(

D
 

Flowbee

macrumors 68030
Dec 27, 2002
2,944
0
Alameda, CA
Doctor Q said:
I assumed your comment was a joke

No joke intended (rare for me, I know). Just wondering if there are any obvious (or not so obvious) give-aways that the file you've downloaded is not what it claims to be.
 

Lancetx

macrumors 68000
Aug 11, 2003
1,991
619
Flowbee said:
No joke intended (rare for me, I know). Just wondering if there are any obvious (or not so obvious) give-aways that the file you've downloaded is not what it claims to be.

Well, in the case of this particular trojan it's easy, it's only 108KB, so there is no way it could be a demo of Word 2004.
 

Awimoway

macrumors 68000
Sep 13, 2002
1,506
24
California
There's a pretty good discussion of the issue here (MacOSXHints).

And I believe I read there that checking the file size will not necessarily work because this Unix command could also be inserted into the ID tags of, say, a song file (remember last month's proof of concept trojan?), although it seems to me that Apple already did what they could to patch that exploit.

For this particular trojan, one particular protection would be to create a dummy user to open all suspect files, but if the Unix command deleted more than just your user folder, that wouldn't help much.

Essentially, it sounds like the only protection is not to open a file that you don't trust. Call it an MPAA conspiracy, but it sure makes P2P seem like a lot less fun.
 

eyeluvmyimac

macrumors regular
Oct 27, 2002
229
1
Don't you have to enter an admin password to delete the home directory? Who wants to test the idea? hehe
 

arn

macrumors god
Staff member
Apr 9, 2001
16,309
5,598
I only posted this on MacRumors because it has gotten so much attention on various sites.

But my opinion is "no **** sherlock". I don't actually think the person here was an "innocent victim". You search for "Word 2004" on Limewire, then you take your risks.

arn
 

Hattig

macrumors 65816
Jan 3, 2003
1,454
88
London, UK
Marble said:
You have to enter a password, don't you?
Not for your own home directory.

This is just a case of user stupidity and greed. Nothing to do with MacOS X. It is equally doable on Linux, FreeBSD, Windows ...

You have to take and pass a test to drive a car. I wish the same were true of using computers and the internet.
 

Jetson

macrumors 6502a
Oct 5, 2003
585
40
Bloated Egos

Hattig said:
This is just a case of user stupidity and greed. Nothing to do with MacOS X. It is equally doable on Linux, FreeBSD, Windows ...

You have to take and pass a test to drive a car. I wish the same were true of using computers and the internet.

Why oh why do people feel the need to insult and put others down? The guy did us a favor by reporting some malicious software and he gets attacked from the people who should be thanking him. Sheesh!
 

rotorblade

macrumors member
Jul 1, 2003
67
0
Flowbee said:
Just out of curiosity, is there any way to tell, just by examining the file itself, that it is not actually MS Word 2004?

Sure. In this guy's case, all he needed to do was use Get-Info. Once the Finder's Get Info window displays, he could have clicked on the icon at the top of this window, then pressed the Delete key. Being that this was an AppleScript, it would have displayed the generic AppleScript applet icon.

I don't use Word, so I can't check the installer icon, but I'd assume you could use the same approach.
 

xtbfx

macrumors regular
Nov 18, 2003
221
0
Jetson said:
Why oh why do people feel the need to insult and put others down? The guy did us a favor by reporting some malicious software and he gets attacked from the people who should be thanking him. Sheesh!

hahah. This guy told us that he was going to pirate Microsoft Word 2004.

He didn't do us a favor. If you're going to pirate software, you should get a virus (let's just call it a slap on the wrist).

Download a demo version. haha, I wonder how long it took him to come up with that excuse.
 

CrackedButter

macrumors 68040
Jan 15, 2003
3,221
0
51st State of America
dontmakemehurtu said:
Counting this one, there are now two viruses for Mac OS X. One thing that I find interesting is: Isn't it interesting that Intego has announced both of them?

Interesting more so that one of those is a concept and the other is a trojan, not a virus.
 

idkew

macrumors 68020
dontmakemehurtu said:
Counting this one, there are now two viruses for Mac OS X. One thing that I find interesting is: Isn't it interesting that Intego has announced both of them?

I would not call it a virus though. I could make an AppleScript that would do this in 5 lines.

It is just a way to have some ignorant fool (purposefully) delete their home directory. No root files can be touched with this, without a password.
 

nagromme

macrumors G5
May 2, 2002
12,546
1,196
The app deleted the user's home folder... so that includes the app itself, right? So how did this get reported to Macworld?

I'm suspicious that the original reporter didn't truly "fall victim" at all.
 

davecuse

macrumors 6502
Feb 20, 2004
419
0
NYC
Later this month it comes out that Microsoft released this, not as malware but as a feature specific only to software pirates. This would definitely be an effective tactic towards steering people away from piracy over P2P networks.
 