Mac OS X Virus/Trojan Summary

[adese]

is there any where the file is stored for analysis?

 

[Detlev]

Yeah I agree

Millions of Windows viruses = no media frenzy
One poorly written virus for Mac OSX = media frenzy

I think people have more expectation of Mac OS than of Windows, lets face it when a Windows machine gets a virus it's like so who really cares?

Just an FYI, cnet is reporting three issue this week

The flaw exposes Mac users to risks that are more familiar to Windows users: Visiting a malicious Web site using Apple's Safari Web browser could result in a rootkit, a backdoor or other malicious software being installed on the computer without the user noticing anything, experts said. Apple is developing a patch for the flaw, a company representative said. Word of the new vulnerability comes after the recent discovery of a Trojan horse and a worm that target Mac users. The operating system had not been in the security crosshairs previously.

Now, Apple has been the technology poster child for a while and many of the media that were previously wiping egg off their virtual faces are now relishing these flaws. It puts a virtual smudge on that really nice white computer in the public's eye.

Fact is that Apple needs to turn out security updates (and good ones that fix the problems). If they don't sew these up soon they'll be having "special events" and answering questions about the flaws rather than the new products. This is where the public will compare Apple to Microsoft. Who takes care of their users quickly and efficiently?

 

[yojitani]

I'm posting this here just because I suspect this is a virus or malware of some type - probably meant for windoze. i just went to check my dl. manager (in Safari) and noticed that a 16.8 Mb file had been downloaded without my knowledge. The file is titled "cracklib-words" - do you know if there's a way to find out where this file came from, I mean where it was downloaded from? It worries me that SF downloaded this without a promt.

YOJI

 

[Doctor Q]

is there any where the file is stored for analysis?

Yes, a number of companies and individuals with skill have collected and studied copies of each malware program.

 

[nagromme]

The file is titled "cracklib-words" - do you know if there's a way to find out where this file came from, I mean where it was downloaded from? It worries me that SF downloaded this without a promt.

I'm no expert here, but CrackLib seems to be some UNIX thing intended to FIGHT cracking: software that helps you make better passwords by comparing your password to a list of words that would be bad passwords (a feature OS X seems to have built in BTW). And you can download additional word lists for it. Now, malware could be named anything, but most likely you merely downloaded a harmless word list for CrackLib. As you say, even if it's malware it's probably harmless to Macs! More info: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html

As for Safari auto-downloading it, you probably visited some page that was meant to serve that file, even if you didn't know it. Many download sites do TWO things when you click a download link: they display a page AND serve a file. So if you accidentally clicked some random link in a blog or something you might have gotten a page you weren't interested in and hit back, but you still also got the download. Some kind of accidental download like that would be my guess. I've occasionally seen some unexpected game add-on in my download manager, that maybe I thought I was only reading about and it turns out I was also downloading it.

(A web page CAN send you a download--it's often desirable even--but the security issue is whether the browser auto-runs what you've downloaded before you get the chance to see it and judge for yourself. It doesn't sound like anything executed for you, so I wouldn't worry. That would be odd to find though!)