PC Enthusiast said:
Wow this is really cool. Everyone thinks Macs are immune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think it's bad. I just think it's cool someone proved the Mac lovers wrong.
Macs are still immune to viruses PC Enthusiast, :rolleyes: this one is a Trojan not a virus.
 
Tymmz said:
My understanding is that it's better to make Big Dude also the owner of all your programs if they are not owned by the system already.

Don't ask me why!

If someone could flesh out this part with a step-by-step explanation, I'd greatly appreciate it.

Also, is there a way to do this globally for all your apps?

Thanks in advance.

:)

Jamie
 
There are only a few people who could have done this.

1. Apple
2. Mac antivirus companies
3. Angry People
4. Microsoft
5. A Windows User


Even with this, OSX is still the best OS on the planet.
 
Perhaps the whole "What is an Intel doing in a Mac?"..."A whole lot more than it ever did in a PC" Quote on the commercial and on the site is what made this happen? Maybe Bill Gates got pissed at Apple for switching to Intel? There are just so many options. I am done reading this useless thread though. Bye Now.
 
kalisphoenix said:
We had no warning and no real defense, so what was to stop this chap from nuking all our hard drives?

We have defense against things like this, it's called common sense.

Just don't run executable files from unknown sources. It's pretty simple.

And this ain't a virus, it's a trojan horse. The only way to get bit by it is user stupidity.

generik said:
Perhaps Apple should make it so that it won't automatically run executable from archives?

It doesn't do that.

tfaz1 said:
Only *after* you've entered the Admin password to install the Trojan in the first place. Those OS X admin password requests are there for a reason.

Nope. This app doesn't require a password to install (it doesn't install) or run.

BakedBeans said:
It says different on the front page of MR? You can't change anything damaging without a PW anyway can you?

Yes you can! You need a password to make changes to system files, but not to make changes to app files.


I agree with the idea of having ALL apps show the "you are running this for the first time" box, not just ones called from a document.

gedto said:
In addition, an antivirus would've been completely useless in this case, because yes! You guessed right! This is no virus. ;)

Most virus software scans for trojan horses. In fact, there's an update to sophos already for this very one.

Cubert said:
It seems that the simple fix for this on Apple's part is to require an admin password (even when logged in as the Admin) anytime an executable is run, or even more precisely, anytime a modification is made to an application (as this trojan does).

Any time run? Bad idea. Password for app modifications? Good idea.

gedto said:
uncle sam, your mac cannot be "infected": you must download the app, double click it and - depending on your setup - type in your admin password to execute

People need to stop spreading this misinformation! You do NOT need to type a password to run an app! This trojan only needs a password if you're not an admin user.

whooleytoo said:
Downloading and running a program without having viewed and verified its entire source code?

Nope, just verify that the jpeg you downloaded IS that, and not a program.

~Shard~ said:
Well, being that you have to enter your Admin password to run this thing...

Doesn't anyone read the damn thread? You DON'T have to enter the password to run this. Could MR please update the article with this fact?

nagromme said:
(And what's the final consensus
YES! Apps don't give that warning unless you run them via opening a document associated with them.
 
milo said:
We have defense against things like this, it's called common sense.

Just don't run executable files from unknown sources. It's pretty simple.

And this ain't a virus, it's a trojan horse. The only way to get bit by it is user stupidity.
In all fairness, my understanding is that this looks like a JPEG unless you do a Get Info on it. I think it's a bit much to call it "user stupidity" to click on it.

If it doesn't look like any other downloaded JPEG file, then I retract my comments.
 
picaman said:
If someone could flesh out this part with a step-by-step explanation, I'd greatly appreciate it.

Also, is there a way to do this globally for all your apps?

Thanks in advance.

:)

Jamie

I would love to give you a good explanation, but I don't know the English synonyms.

But here we go:

1: Set a new admin account (example - name: admin, nick: admin), if your current, regular account is already one.

2: Set your "old" account as a standard account.

3: Go to your applications folder and check each app (go to information) if the app is owned by you or the system.

4: Forget about the system apps (Mail, iDVD, iTunes, etc.)

5: Set your new admin account as the owner of the other apps, which you own. You should only be able to read not to write with your "daily use" account

But don't ask why it's better to set the admin as the owner.
 
I agree that all executables should be badged by the OS, regardless of the icon. Is there any shareware that does this?
 
It's been a scary day to say the least, and whilst it's friggin' hard to find positives, I for one have learnt a lot about accounts and security.

Thanks for all the good advice guys... stay safe :)
 
Tymmz said:
I would love to give you a good explanation, but I don't know the english synonyms.

But here we go:


5: Set your new admin account as the owner of the other apps, which you own. You should only be able to read not to write with your "daily use" account

But don't ask why it's better to set the admin as the owner.


Thanks for this. Just a quick question though - are you saying with the new "admin" account, I should change owner of each non-Apple application to the new admin account, and not my regular user account? I think I understand the logistics - if I do run across such a trojan, it couldn't modify said files as I didn't have the necessary permissions?

And speaking of which, repairing permissions wouldn't re-alter any changes I make to the permissions of each app would it?
 
~Shard~ said:
My Mac is still on Panther as well - not for this reason specifically (who would have known!) but because I haven't seen a real need to upgrade. As you say, one other little reason why I'm still satisfied with my decision and am just waiting for Leopard. :eek: ;)

The way I see it, OSX upgrades have alternated between technology upgrades (10.2, 10.4) and feature upgrades (10.3, hopefully 10.5). Jaguar introduced technologies such as Rendezvous, Quartz Extreme and the Address Book, many of which were only fully used in Panther.

Tiger introduces new technologies (Spotlight, Core Image, Core Video, Widgets, Quartz 2D Extreme) which may only be fully utilized in Leopard. Recent reports seemed to suggest there were two OS teams, working on alternate builds.

Tiger didn't really appeal to me (though I have it on my home Mac, and will have it on my MacBook), but I can't wait to see what's in Leopard - especially given the lengthier development cycle.
 
Project said:
Thanks for this. Just a quick question though - are you saying with the new "admin" account, I should change owner of each non-Apple application to the new admin account, and not my regular user account? I think I understand the logistics - if I do run across such a trojan, it couldn't modify said files as I didn't have the necessary permissions?

And speaking of which, repairing permissions wouldn't re-alter any changes I make to the permissions of each app would it?

Your admin account should own the apps, but I'm not sure if repairing permissions changes it back to "default". Need to try that later.

EDIT: repaired permissions and didn't change the ownership back.
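
Steps 3 to 5 of the procedure quoted above come down to finding every application bundle the day-to-day account owns or can write to. An added example, not part of any post in this thread, that runs that check over a whole folder at once; the function names `audit_apps` and `at_risk_apps` are made up for this sketch, and it only reports, it changes nothing.

```shell
#!/bin/sh
# Added example: list application bundles that the current (day-to-day)
# account could modify without any password prompt.

# audit_apps DIR
# Prints "<status><TAB><path>" for each *.app bundle directly inside DIR:
#   OWNED     bundle belongs to the invoking user
#   WRITABLE  other owner, but this user can still write into the bundle
#   OK        this user can only read/execute it
audit_apps() {
    dir=${1:-/Applications}
    me=$(id -u)                       # numeric uid; find -user accepts it
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue     # glob matched nothing, or not a bundle
        if [ -n "$(find "$app" -maxdepth 0 -user "$me")" ]; then
            status=OWNED
        elif [ -w "$app" ] || [ -w "$app/Contents" ] \
            || [ -w "$app/Contents/MacOS" ]; then
            status=WRITABLE
        else
            status=OK
        fi
        printf '%s\t%s\n' "$status" "$app"
    done
}

# at_risk_apps DIR: only the bundles whose owner step 5 would change.
at_risk_apps() {
    audit_apps "$1" | awk -F '\t' '$1 != "OK" { print $2 }'
}

# Run against the folder given on the command line, else /Applications.
at_risk_apps "${1:-/Applications}"
```

Run it from the standard account after the demotion in step 2; an empty result means that account no longer owns or can write to any bundle in the folder.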
 
How can I tell if I have this trojan/worm/virus or whatever it is? I'm at school now and my internet stopped working about a week ago. When I talked to the IT department about fixing it they said it was because my port was shut down intentionally (and automatically) by the server. He explained that this is to prevent viruses from spreading and that it could have sensed a virus. He also said that it could have been because I was sharing my wireless internet with a few of my friends and the server only wants one computer on one room line at a time. I recently reinstalled OS X and backed everything up on an external hard drive. Would my external hard drive have the virus? How can I find out if my computer or the external has it? (I also have OS X installed on the external.)
Another interesting thing that happened to me and a few of my other Mac friends is that we always appeared signed on even when we were signed off. We all use Adium, and one day I tried signing on to iChat and it wouldn't let me (it gave me some error about the ports already being used or something) which led me to believe that it was because I was already "signed on" in Adium. And the only way I could sign off was to select the option to "appear offline" which still isn't signed off...you just look like it.
So could that be a sign of me having this trojan thing?

I don't recall ever downloading the screenshots of 10.5, and if I did, I know I wouldn't have agreed to downloading it if Safari gave me a message about its safety being unclear... Or even if it gave me one of the standard "this may contain an application.." because it's a picture! But from what I understand it doesn't do this....

Thanks for any info you can give me.
 
milo said:
Nope, just verify that the jpeg you downloaded IS that, and not a program.

For this Trojan, that would be enough to determine something was awry.

But my point is, this was a basic, obvious trojan. A more subtle trojan (with an attractive, professional website; one which has a genuine use such as a game or utility; and one which doesn't attack immediately and obviously as this one, but subtly in the background after a period of time) could fool anyone.

If you've ever used a shareware or freeware program, or if you've used open-source software without verifying its entire source code and resources, it's entirely possible you could have downloaded a Trojan to your Mac. It's not just "dumb" users who are at risk, it's anyone who uses any 3rd party software.
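
The "verify that the jpeg you downloaded IS that, and not a program" check discussed in the posts above can be done on the file's first bytes rather than its icon or name. An added example, not part of any post in this thread: `file_kind`, `check_download` and `demo` are hypothetical names, and the three sample files are constructed here.

```shell
#!/bin/sh
# Added example: compare what a download claims to be with what it is.

# file_kind PATH -> jpeg | mach-o | script | other (from the first 4 bytes)
file_kind() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        ffd8ff*) echo jpeg ;;                 # JPEG start-of-image marker
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe)
                 echo mach-o ;;               # cafebabe: fat binary (also Java class)
        2321*)   echo script ;;               # "#!" interpreter line
        *)       echo other ;;
    esac
}

# check_download PATH -> directory | program | mismatch | <file_kind>
check_download() {
    if [ -d "$1" ]; then echo directory; return; fi
    kind=$(file_kind "$1")
    case $1 in
        *.jpg|*.jpeg|*.JPG|*.JPEG) claims_jpeg=yes ;;
        *) claims_jpeg=no ;;
    esac
    if [ "$kind" = mach-o ] || [ "$kind" = script ] || [ -x "$1" ]; then
        echo program                          # runnable, whatever it is called
    elif [ "$claims_jpeg" = yes ] && [ "$kind" != jpeg ]; then
        echo mismatch                         # named .jpg, content is not JPEG
    else
        echo "$kind"
    fi
}

# Constructed samples: a JPEG header, a Mach-O header named .jpg, text named .jpg.
demo() {
    d=$(mktemp -d)
    printf '\377\330\377\340' > "$d/photo.jpg"
    printf '\316\372\355\376' > "$d/fake.jpg"
    printf 'hello'            > "$d/notes.jpg"
    for f in "$d"/*.jpg; do
        printf '%s\t%s\n' "$(check_download "$f")" "${f##*/}"
    done
    rm -rf "$d"
}

if [ $# -gt 0 ]; then
    for f in "$@"; do printf '%s\t%s\n' "$(check_download "$f")" "$f"; done
else
    demo
fi
```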
 
Tymmz said:
Lasthope did this "bad programming" on purpose. He knows that Macs will hit mainstream soon and it's the last hope (last chance) to get Leopard secure before it gets released and a flood of viruses are released.

Interesting theory!

It does remind me of the recent proof of concept trojan written recently, which the anti-virus companies seized upon as a genuine attack 'in the wild'.
 
milo said:
Apps don't give that warning unless you run them via opening a document associated with them.
Thanks--I never picked up on that. (And something Apple could easily change I think--along with "pre-approving" the pre-installed apps maybe.) I guess I don't download a lot of mystery apps!
 
I realize that this revolves mostly around social engineering. The best way to defeat social engineering is through education.

Probably a good time to reinforce good computing habits: This is all the more reason to not use your admin account for normal day-to-day activities. (This, sadly, is the default for OS X.)

Some good advice: Open System Preferences right now and create a new user. Make that user an admin. Now, demote your own account down to a standard non-privileged user account.

This way, when the supposed "picture" asks for an admin username & password, you can click on the cancel button. (A "picture" shouldn't require admin privileges anyway.)

It's good computing practice not to be logged in as an admin all the time anyway.

So perhaps this was a good thing for the Mac community: Help them to be more educated and aware of safer computing habits.
 
jxself said:
Some good advice: Open System Preferences right now and create a new user. Make that user an admin. Now, demote your own account down to a standard non-privileged user account.

Hmm, where have I seen this before? Oh, that's right. Here. :)
 
Bad move macrumors.com!

I don't know if anyone has said something like this but I'm not going to read all 400 some odd posts. By posting this thread and article in the first place, macrumors.com has made a HUGE mistake. This person was obviously just doing this so he could be the "first" to do it and get a bunch of attention. Now we've given him exactly what he wants. The proper response should have been to delete the thread he posted, ban that user and never speak of it, NOT tell the world about it. We've only encouraged this kind of behavior. Very bad move macrumors!
 