I'll say it again to all the people telling me I was negating it being a virus by saying "it is just an app". It doesn't propagate itself. It tries, but trying alone isn't enough. Once it actually spreads itself via email or iChat, I'll call it a virus. Until then it is just malware.
 
jsw said:
Which would make them trojans.

Which is an important distinction.

Even virii require user interaction, but I think the key difference with Trojans is how they propagate, not how they're launched. Trojans require the "victim" to want them and go out and download them. Virii typically propagate from machine to machine automatically by email or instant messaging - but they still require user interaction on the other end (a double click) to do their black magic.
 
Diatribe said:
I'll say it again to all the people telling me I was negating it being a virus by saying "it is just an app". It doesn't propagate itself. It tries, but trying alone isn't enough. Once it actually spreads itself via email or iChat, I'll call it a virus. Until then it is just malware.

It's still a virus, just not a very good one!
 
That link was exactly what I was looking for. I'm sorry I didn't read through ALL 7 PAGES before asking a question. Geez, quit it with the bad attitude people.
 
Banning

Ja Di ksw said:
Didn't want to risk getting banned :eek:


Sorry for the Noob question here, but the (now closed) thread in which lasthope posted the trojan has a lot of posts about banning him.

Can someone really be banned from this forum in a way that they won't just create a different moniker and rejoin?
 
whooleytoo said:
Virii typically propagate from machine to machine automatically by email or instant messaging - but they still require user interaction on the other end (a double click) to do their black magic.

No. Not anymore.

I still remember about 5 years ago when the machines at work were all hit by the NIMDA virus. I was chugging along happily on my computer when suddenly things started to get very, very slow, and I realized what was happening.

Prior to that, viruses were only activated when you opened the wrong attachment (typically a .scr file). I'm a smart guy, and I knew never to click on those (and a lot of them did come my way). But this one automatically launched as long as your PC was connected to a network drive where the virus executable was stored. And as it launched, it would write itself onto more and more networked resources, and so on...

Nowadays, thanks to a combination of lax Windows security and black magic, if you were to leave an unprotected Windows PC connected to the internet and DO NOTHING with it, you'll find that it gets infected within a very short time - some say minutes, others say seconds. Just sitting there.
 
jsw said:
Which would make them trojans.

Which is an important distinction.

Actually, no - it isn't. If you think that only viruses are security threats, then there are really no current security threats for Windows either. No one in their right mind writes "viruses" for Windows anymore - it's all trojans or worms, because they're far more effective. And if you think that a trojan or worm is somehow less dangerous than a true virus, you're living in cloud cuckoo land.

jsw said:
BTW, nice use of an antivirus vendor's site to show how bad the virus situation is. :rolleyes: No hidden agenda there for them, right?

I don't get your meaning. If you mean they have an agenda for the Mac, they don't - F-Secure doesn't have a Mac product. Sure, they want to sell product on Windows, but in order to sell product you have to be trusted - and trust means not over selling the threat. That's why I don't use Symantec - I don't trust their expertise. I do trust F-Secure, and also Kaspersky.

I'd recommend you read Kaspersky's report on malware trends in 2005 if you want to start posting from a position of knowledge about Windows malware. It's at http://www.viruslist.com/en/analysis?pubid=178949694. As you'll see, Trojans accounted for 89% of all Windows malware in 2005, with worms and viruses put together only accounting for 6%. And, of that 6%, a total of 1.2% were "true" viruses. Virus writing is effectively dead. The only new malware is either Trojans or worms.
 
eMagius said:
Yes and no. "rm -rf ~" will still delete all your personal files with no need for password authentication, so if this "virus" were to do something as simple as that, you'd still be screwed. But "rm -rf /" wouldn't be able to delete the system files. Personally, if I find myself in a position where I have to restore all my personal files from a backup, I tend to go for a full reinstall while I'm at it.

What's the difference between a trojan and a regular application, anyhow? Only the user's perception of the software's "goodness" -- and there's no real way to quantify such.

Exactly what happened to me back in 2004, as said above in my previous post; I inadvertently clicked on a disguised file (sent via a friend's faked email), it was a script and it erased some of my Home files, making use of the password grace period.

This is a Trojan script and there is little we can do about it, apart from some future update by Apple which identifies a discrepancy between icons and real status of the file (app, picture etc.)...

I am just not sure about the self-propagation possibilities of this file... if it indeed has it, it IS the first Mac OS X virus ever... if not, the simple script I received 2 years ago is much older and more dangerously effective than that.
 
eme jota ce said:
Sorry for the Noob question here, but the (now closed) thread in which lasthope posted the trojan has a lot of posts about banning him.

Can someone really be banned from this forum in a way that they won't just create a different moniker and rejoin?

You can ban IPs but that doesn't keep people away if they can change them.
 
Trojans are not so bad. I'll tell you what is worse:

1. Malware that targets files. Apps can be reinstalled, OSs can be too but files can not.

2. Malware that targets the boot sector and other low level parts.

3. Worms that spread.

4. Spyware and Adware. Just plain annoying.

This malware does none of this. Give us a proper virus.




EDIT: You have to think of incentives. The biggest incentive of all is money, which is why spyware and adware is so 'popular'. The next is time, which is why no one writes MBR and boot sector viruses anymore. The last is damage and bragging rights (although it depends on the person).

Worms and Trojans are not as popular as they were (on the PC). If someone really values their bragging rights then expect to see a devastating virus for OS X because someone will want to become the first person to write a destructive, self propagating virus for OS X. And don't say it won't happen. There are some very clever people like the guys who cracked OS X for Intel who if they want to, will.
 
notjustjay said:
No. Not anymore.

I still remember about 5 years ago when the machines at work were all hit by the NIMDA virus. I was chugging along happily on my computer when suddenly things started to get very, very slow, and I realized what was happening.

Prior to that, viruses were only activated when you opened the wrong attachment (typically a .scr file). I'm a smart guy, and I knew never to click on those (and a lot of them did come my way). But this one automatically launched as long as your PC was connected to a network drive where the virus executable was stored. And as it launched, it would write itself onto more and more networked resources, and so on...

Nowadays, thanks to a combination of lax Windows security and black magic, if you were to leave an unprotected Windows PC connected to the internet and DO NOTHING with it, you'll find that it gets infected within a very short time - some say minutes, others say seconds. Just sitting there.

This is simply factually inaccurate. Take a new PC out of the box, and, just like Mac OS X, it has its firewall enabled by default with only limited ports open.

As for Nimda, as long as you've patched Windows since 2001, or use a more recent version of Outlook, you're safe. And, of course, if you didn't use Outlook, you were always safe :)
 
xsedrinam said:
And Safari should have presented a warning prior to downloading an executable file. I don't believe other browsers would.

People should be able to clearly see that it's a .app. Why would anyone put screenshots in an App? It's common sense. Also, if you choose the option "show all file extensions" in Finder prefs... it should force the executable to say .app. So it's a very stupid way to make ME click on it to see screenshots... hehe.
 
TheSpaz said:
People should be able to clearly see that it's a .app. Why would anyone put screenshots in an App? It's common sense. Also, if you choose the option "show all file extensions" in Finder prefs... it should force the executable to say .app. So it's a very stupid way to make ME click on it to see screenshots... hehe.

I don't think you need to have .app on the end of a file to make it executable. Certainly, I've run applications after removing the .app from the end of them. You simply need to mark it as executable in the file system.
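Added example, not part of any post in this thread: one way to check a download folder for the mismatch discussed above, where an item's name suggests a picture or nothing at all while its content is runnable. It classifies by on-disk content instead of by name; the extension list, file names and sample bytes are constructed for illustration.

```python
import os
import tempfile

# Endings a user would read as passive data (assumed list for this example).
DATA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}
# First bytes of runnable content: Mach-O (32/64-bit, either byte order),
# universal binaries (0xCAFEBABE, shared with Java class files), and scripts.
EXEC_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
              b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")

def classify(path):
    """Return 'bundle', 'executable' or 'data' from what is on disk, not the name."""
    if os.path.isdir(path):
        # An application bundle is a directory containing Contents/MacOS/.
        is_bundle = os.path.isdir(os.path.join(path, "Contents", "MacOS"))
        return "bundle" if is_bundle else "data"
    with open(path, "rb") as fh:
        return "executable" if fh.read(4).startswith(EXEC_MAGIC) else "data"

def find_mismatches(folder):
    """List (name, kind) for items that are runnable but named like data or unnamed."""
    hits = []
    for name in sorted(os.listdir(folder)):
        kind = classify(os.path.join(folder, name))
        ext = os.path.splitext(name)[1].lower()
        if kind != "data" and (ext in DATA_EXTS or ext == ""):
            hits.append((name, kind))
    return hits

def demo():
    """Build constructed sample files in a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,    # real JPEG header
            "screenshots.jpg": b"#!/bin/sh\necho constructed\n",  # script named as image
            "notes.txt": b"plain text\n",
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        # Two bundles: one hiding its nature, one honestly named.
        for bundle in ("pics", "Viewer.app"):
            os.makedirs(os.path.join(d, bundle, "Contents", "MacOS"))
        return find_mismatches(d)

if __name__ == "__main__":
    print(demo())
```

The scan is not recursive and looks only at the first four bytes, so it is a triage aid for a downloads folder, not a malware scanner.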
 
EvilMole said:
This is simply factually inaccurate. Take a new PC out of the box, and, just like Mac OS X, it has its firewall enabled by default with only limited ports open.

OK, so my "nowadays" was a little antiquated, but the fact is I've been well-removed from the Windows world of habitually installing service packs and updates ever since I switched to OS X in 2003. But yes, if everyone's using a proper firewall, all is well.

If you want to scare yourself, look at your firewall/router's intrusion logs and see all of the attempts at portscans and other fun stuff that it is blocking for you. On mine, I get them every couple of seconds. Just think of what would happen if you did NOT have the firewall (and in that regard my point still stands).

NIMDA is obviously no longer a threat today, but it was my awakening. Prior to that day I was absolutely sure that I would be safe from virii because I would never be stupid enough to download or open an unknown attachment...
 
how long before we start seeing more and more of these things...:confused:

I hope Apple comes out and makes a public address to this issue. Even if we as a user have to activate it, how long before the automated viruses make their way to Macs?
 
And to think it came from our favorite forum! Very interesting. I guess if you can't find a security hole you might as well use error.
 
notjustjay said:
OK, so my "nowadays" was a little antiquated, but the fact is I've been well-removed from the Windows world of habitually installing service packs and updates ever since I switched to OS X in 2003. But yes, if everyone's using a proper firewall, all is well.

Oh, not everyone is, unfortunately. There's plenty of machines out there pre-Windows XP SP1 that aren't set up properly. But, to give Microsoft some credit, they've cut down drastically on the amount of little stupid things that made Windows less secure. It's only the big stupid things that are left now :)

notjustjay said:
If you want to scare yourself, look at your firewall/router's intrusion logs and see all of the attempts at portscans and other fun stuff that it is blocking for you. On mine, I get them every couple of seconds. Just think of what would happen if you did NOT have the firewall (and in that regard my point still stands).

Yeah, it's scary. There's lots of script-kiddies out there running detection software. I used to have a programme that automatically emailed abuse at whatever their ISP was based on the intruder's IP address - I know there were a few bans handed out because of it :)

notjustjay said:
NIMDA is obviously no longer a threat today, but it was my awakening. Prior to that day I was absolutely sure that I would be safe from virii because I would never be stupid enough to download or open an unknown attachment...

There is no such thing as absolute security, on any platform. There's no doubt holes in Windows and Mac OS X that haven't been discovered yet. But the point is that the majority of malware writers don't rely on security holes - it's far easier, and more effective, to write stuff that exploits user-stupidity.
 
There is no such thing as absolute security, on any platform. There's no doubt holes in Windows and Mac OS X that haven't been discovered yet. But the point is that the majority of malware writers don't rely on security holes - it's far easier, and more effective, to write stuff that exploits user-stupidity.

Well said.
 
dialectician said:
Does that mean it makes no difference whether the virus (or trojan or malware - who cares about the name) is executed under the admin account or a user account without admin privileges? :confused:

I didn't run it under an admin account, for obvious reasons. If I had an older Mac lying around that I didn't care about having to reinstall Mac OS X on, I might have continued on these lines.

However, all the apps for which the Permission refused message was displayed were owned by an admin account, not the managed account, meaning that lastpics was unable to change anything. However, I was not asked for an admin password, which is puzzling. I don't have the resources (i.e. not willing to risk my iMac) to pursue this further. I just think the app isn't smart enough to try to do anything as superuser, or that the OS is smart enough to not run sudo from a nonadmin account.

It's interesting to me that it didn't appear to try to modify root-owned applications like Safari, rather just user-installed apps. So it seems there is some intelligence there.

And I have to say, once again, most forcefully, that not one of my apps was modified when running this in a managed account.

Edit: I've just woken up and am on page 4 of this thread, replying to a reply to one of my posts last night, so forgive if this has been rehashed over and over already.
 