- Apr 12, 2001
The announcement of the release of a Mac OS X trojan/virus/worm yesterday has drawn a lot of attention, confusion and significant misinterpretation. While much of the attention was aimed at the "virus vs trojan" distinction, this energy was misguided.
On the one hand, some users were quick to dismiss it as a simple "trojan" that anyone could easily script in minutes. While the application was setup to trick the end-user into launching it, the resultant actions it took were far more sophisticated as it was designed to inject itself into other applications on the users' hard drive. Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)
On the other hand, several saw this as a much more ominous sign for the Mac platform. However, this application itself is of a rather limited threat by the nature of its propogation -- and no particular Mac OS X vulnerability exists which allows the unimpeded transmission of a virus. Unless you specifically downloaded and launched this file, there is no way your Mac could have been infected.
The signficance of this event is simply the intention behind the release of such malware under Mac OS X.
For additional reading, Symantec provides a step-by-step guide on what happens when the application launches and what modifications it makes to the users applications, while Andrew Welch of Ambrosia SW finished a detailed technical summary of the application.