Indeed, hopefully it will. Although makes one wonder if someone just wrote this to prove this very point...Computer_Phreak said:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Mac OS X Trojan Warning
- Thread starter MacBytes
- Start date
- Sort by reaction score
realityisterror
macrumors 65816
Computer_Phreak said:
hopefully??
this could make it impossible to claim that there are no mac viruses. what a stupid virus writer. he must really hate apple and the mac. 😡
reality
You'd have to be download or run this...
First its an application that you must run by yourself. Second its a CFM application so it needs its resource fork, creater fork and file type to run.
You'd have to download this thing encoded in a format such as a Stuffit archive and the double click it to run. Basically you'd need to be pretty stupid.
First its an application that you must run by yourself. Second its a CFM application so it needs its resource fork, creater fork and file type to run.
You'd have to download this thing encoded in a format such as a Stuffit archive and the double click it to run. Basically you'd need to be pretty stupid.
I wanna negate the myth that virii is the correct plural of virus 😛 Its Latin roots dictate the correct ending to be "viruses" - as in "buses", for example. Rather than "busii" (buses), or "sinii" (sinuses) 🙂
Ah well - people argue and argue over this one. It's in the Latin 🙂
As Slashdot mentions, its a proof of concept - but, the proof of concept is all it takes to make people follow suit, improvise, and, ultimately, refine their technique. Maybe we can rely on the fact a proportionately higher number of Mac users are intelligent 😉 jk 🙂
andy
i dont understand
Intego makes security stuff?
but what exactly does this mean. does this only happen while using there software. because its talking about mp3's and its making me think that if i download stuff with poisoned or whatever that the files could be infected. please clarify. thanks in advance
Intego makes security stuff?
but what exactly does this mean. does this only happen while using there software. because its talking about mp3's and its making me think that if i download stuff with poisoned or whatever that the files could be infected. please clarify. thanks in advance
Is this real?
I'm not too sure about how real this is, for instance, you can take any Application and change the extension and icon to match an MP3
I'm not too sure about how real this is, for instance, you can take any Application and change the extension and icon to match an MP3
Nny
macrumors regular
A Firm But Definite Maybe.
Yes and no. Maybe. Depends.
The Nimda Worm could affect Macs by creating lots of annoying files. (http://www.securemac.com/macosxnimdasamba.php) Not really it's purpose, though, but annoying none-the-less.
And there was that Samba (or was it Apache?) scare last year.... not a virus or trojan I'm told... just malicious code that had been added to a circulating open source distro of Samba (or Apache, don't remember... too lazy to find link). Very evil.
There are other Unix/Linux viruses and security vulnerabilities that can supposedly affect Mac OS X, but nothing has ever been done.
As far as I know this is the first virus created for intent on harming OS X.
iElvis said:
Yes and no. Maybe. Depends.
The Nimda Worm could affect Macs by creating lots of annoying files. (http://www.securemac.com/macosxnimdasamba.php) Not really it's purpose, though, but annoying none-the-less.
And there was that Samba (or was it Apache?) scare last year.... not a virus or trojan I'm told... just malicious code that had been added to a circulating open source distro of Samba (or Apache, don't remember... too lazy to find link). Very evil.
There are other Unix/Linux viruses and security vulnerabilities that can supposedly affect Mac OS X, but nothing has ever been done.
As far as I know this is the first virus created for intent on harming OS X.
Root Password
Why do people keep saying "well if an MP3 file prompts you for your password and you give it up, you deserve to be hosed!"?
From what I've read, nothing leads me to believe it would require a password. Installers and things that touch /System need a password, but simple standalone apps don't.
And for the record, this is a [possible] trojan, but *not* a virus or worm.
Why do people keep saying "well if an MP3 file prompts you for your password and you give it up, you deserve to be hosed!"?
From what I've read, nothing leads me to believe it would require a password. Installers and things that touch /System need a password, but simple standalone apps don't.
And for the record, this is a [possible] trojan, but *not* a virus or worm.
Yes, but this has the added, potentially real, possibility of permitting execution of arbitrary code, without user knowledge, for example. Potentially damagaging consequences; it's all potential, baybee. Let's hope it stays that way.
andy
bousozoku
Moderator emeritus
This is too funny.
Virus Barrier sales must be minimal. They've been claiming a great need for anti-virus software but there hasn't been any need until now for Mac OS X. One would wonder if they've gone to the trouble to create it themselves. In the days of Ben Franklin, nothing sold fire insurance policies like the company setting your house or business on fire. 😱
Virus Barrier sales must be minimal. They've been claiming a great need for anti-virus software but there hasn't been any need until now for Mac OS X. One would wonder if they've gone to the trouble to create it themselves. In the days of Ben Franklin, nothing sold fire insurance policies like the company setting your house or business on fire. 😱
rueyeet
macrumors 65816
I wonder if the same technique would be viable on the Windows side as well?
If so, I can see the RIAA littering the file-sharing landscape with MP3 files rigged with tag code to erase every MP3 on the user's hard drive and mail itself to everyone in the user's address book, for starters.
If so, I can see the RIAA littering the file-sharing landscape with MP3 files rigged with tag code to erase every MP3 on the user's hard drive and mail itself to everyone in the user's address book, for starters.
stcanard
macrumors 65816
PawnTrader said:
A Trojan is only good if it can insert itself in the filesystem so it continues to exist even after you remove the original source. If it can't write into /System, /bin, /sbin, /etc or /Applications it can't do anything long-term.
The worst it can do is mess up your home directory, which is an easy clean (the clean becomes very tricky when you don't know if it's trojaned the programs you would normally use for the cleaning, or trojaned another program so that it can continue to re-insert itself).
Nothing can protect your home directory, besides regular backups and creating a test account for untrusted applications.
Rower_CPU
Moderator emeritus
_pb_boi said:
And "virii" is common usage. Mouses is an accepted plural for the computer input device, and helps to distinguish it from the small rodent. Why not do the same to distinguish computer infections from human ones?
Latin isn't exactly the best source for computer terminology - I'm pretty sure it was dead for a while before the first PC. 😉
why mac viruses will never be near as bad as pc...
it seems to me that if MOST people who know enough about osx to write a virus for it are not the same people who hate it. not absolutely for sure. right now, however, i think a virus is bad news for osx simply because not that many mac users run any form of virus software. i don't even use a firewall.
in contrast, it seems windows users hate windows users and other windows related companies or companies that use windows servers/computers.
and, of course, allot of linux boys write malicious code for windows as well and they are generally anti-M$.
i know everything
it seems to me that if MOST people who know enough about osx to write a virus for it are not the same people who hate it. not absolutely for sure. right now, however, i think a virus is bad news for osx simply because not that many mac users run any form of virus software. i don't even use a firewall.
in contrast, it seems windows users hate windows users and other windows related companies or companies that use windows servers/computers.
and, of course, allot of linux boys write malicious code for windows as well and they are generally anti-M$.
i know everything
You know what's funny? I was just talking about making little scripts and stuff that will ask you for a domain and stuff and then oprn safari and bring you to them as a nifty little thing. But it did that and open Mail and email at the same time behind Safari. So I think it is a coincidence this comes up because it is pretty much what I was doing for fun. And then after that I made one that looked like a picture, so I'm surprised this isn't my doings.
killmoms
macrumors 68040
Mod(Computer_Phreak,-1,PC Troll)Computer_Phreak said:
Even if it is a trojan, it doesn't sound much different than running an evil application, it's just that it looks like an MP3 file. Besides, who has an MP3 that prompts them for their password? For the app embedded therein to do any real damage, it needs sudo access privileges, so I can't see this being that large a threat.
--Cless
7on
macrumors 601
bah, has anyone used of opened this offending file?
If it is a trojan, all I could see that it could be would be an Applescript file that runs "sudo rm -r /System" or maybe /Users. Even then it'd need a password.
Personally sudo has never settled right with me. Apple should rid the system of the command and only allow root access by logging in as root. Sure it'd be time consuming to delete an undeletable file, but it'd be worth it for the security.
If it is a trojan, all I could see that it could be would be an Applescript file that runs "sudo rm -r /System" or maybe /Users. Even then it'd need a password.
Personally sudo has never settled right with me. Apple should rid the system of the command and only allow root access by logging in as root. Sure it'd be time consuming to delete an undeletable file, but it'd be worth it for the security.
Actually, I have concealed an application, though the app I concealed was concealed as a Quicktime Movie and only gave a mac a fit of belches...
How it's done:
1. Get an application.
2. Get Info application.
3. Reveal 'Name & Extension'
4. Change extension (.app to .mp3)
5. Click 'Use .mp3' in the dialog box that pops up
6. Change the icon
Voila! I'm unsure if this is how the virus was changed, because in every other way than the icon and the name it appears to be an application (Kind will always read application). If this is how the virus was changed, it's not particularly lethal because mail.app will try to prevent you from opening it.
How it's done:
1. Get an application.
2. Get Info application.
3. Reveal 'Name & Extension'
4. Change extension (.app to .mp3)
5. Click 'Use .mp3' in the dialog box that pops up
6. Change the icon
Voila! I'm unsure if this is how the virus was changed, because in every other way than the icon and the name it appears to be an application (Kind will always read application). If this is how the virus was changed, it's not particularly lethal because mail.app will try to prevent you from opening it.
7on said:
Yes, but what if it was just programed to delete everything in ~/Library/Preferences? To many, that would be a nightmare, and it wouldn't need authentication. Or it could delete your address book, or mail folders - all these things are unprotected.
Ok. So what's really going on here:
Intego is trying to tell you, in a very roundabout way - "We're idiots, PLEASE do not use our products."
I've downloaded the "proof of concept" "virus". Ok.
It's an app. With a .mp3 tag on the end. Oooooooooooh! Spooky!
With an (Badly done) iTunes MP3 icon as it's icon. This is not an MP3 file with info hidden in the ID3 tag. (A quick trip to MP3Rage takes care of that)
It's freaking carbon app with an icon and an extension, welcome to Intego's up to date (assuming you still live in 1989) technology. WooOoooOOoooOOO!
Hell, one of the techs at my company built a better Mac OS 9 virus than this a couple of years ago. And by "better" I mean this mofo would torch your system to the ground. It was an Applescript.
The trick isn't making something ugly that can trash your system. It's the propagation, stupid. Most of the windows viruses wouldn't be so bad if they didn't get into your system automatically, mail themselves out to everyone in your address book, etc. That will be the first virus/trojan horse that Macs need to worry about. Not this elementary school level BS that Intego is talking about.
Intego is trying to tell you, in a very roundabout way - "We're idiots, PLEASE do not use our products."
I've downloaded the "proof of concept" "virus". Ok.
It's an app. With a .mp3 tag on the end. Oooooooooooh! Spooky!
With an (Badly done) iTunes MP3 icon as it's icon. This is not an MP3 file with info hidden in the ID3 tag. (A quick trip to MP3Rage takes care of that)
It's freaking carbon app with an icon and an extension, welcome to Intego's up to date (assuming you still live in 1989) technology. WooOoooOOoooOOO!
Hell, one of the techs at my company built a better Mac OS 9 virus than this a couple of years ago. And by "better" I mean this mofo would torch your system to the ground. It was an Applescript.
The trick isn't making something ugly that can trash your system. It's the propagation, stupid. Most of the windows viruses wouldn't be so bad if they didn't get into your system automatically, mail themselves out to everyone in your address book, etc. That will be the first virus/trojan horse that Macs need to worry about. Not this elementary school level BS that Intego is talking about.