PC Enthusiast said:
Wow this is really cool. Everyone thinks Macs are immune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think it's bad. I just think it's cool someone proved the Mac lovers wrong.
Trolls alert, trolls alert... <red light flashing> beep beep beep beep beep.

<Do not feed the troll> :D
 
I wonder what that means for the MR traffic.

If this is the first harmful Trojan and it's all over the news, do they link to the MR article?
 
iMeowbot said:
Once you're satisfied that the new account works and that you've remembered the password, turn off the "Allow user to administer this computer" check box for your own regular account. From then on, use the new account to install software, run System Update, etc. Use your now-demoted regular account for your regular daily computing.

A declawed account can still do some things that don't require special privs, like delete your own user files or send malware out to other computers. It will, however, keep your system reasonably safe from unintended modification.

This is great advice. What this will mean for the power user is that you'll have to enter in the Admin password a whole lot more. So they might opt for keeping their Admin privileges intact. But the home user wouldn't notice it as much, as they don't regularly install software, change system settings, etc.
 
generik said:
Perhaps Apple should make it so that it won't automatically run executable from archives?

It was a handy touch but it always annoys me in a way..

Does it do that by default? Whenever I open compressed archives it always just spits out the contents, picture/app/whatever in a folder on my desktop, and doesn't execute any of the contents on its own.
 
xsedrinam said:
And Safari should have presented a warning prior to downloading an executable file. I don't believe other browsers would.

Good point. Besides, wouldn't a .jpg file be loaded in the browser first?

I'm glad to see security is being talked about, but I'll wait a day or two to see what falls out of this one.

My gut says we haven't seen the 'killer app' virus for Mac yet. I still feel very safe.
 
Security Question!

So being a dumb user that has basked in the glory of the stable and malware free OS X, my normal user account is an administrator account.:( Seeing this made me create a new separate admin account and demote my current account to a standard user.

Looking through the permissions on my /Applications directory it appears that about 10-12 applications I am the owner of and not root. Should I change them to be owned by root (chown)? Like the rest of my applications? Or are they fine left the way they are?

"dws" is the user name that was an admin and I just demoted to a standard user.

Here are some examples.
drwxrwxr-x 3 root admin 102 Jan 11 09:22 Automator.app
drwxr-xr-x 3 dws admin 102 Nov 21 22:04 BitTorrent.app
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Calculator.app
drwxrwxr-x 3 root admin 102 Mar 20 2005 Chess.app
drwxrwxr-x 3 root admin 102 Jan 11 09:22 DVD Player.app
drwxrwxr-x 3 root admin 102 Mar 25 2005 Dashboard.app
drwxr-xr-x 12 dws admin 408 Feb 2 01:43 DesignWorks??? Lite
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Dictionary.app
drwxr-xr-x 11 dws admin 374 Feb 13 18:58 EPSON APPS
-rw-r--r-- 1 dws admin 1605904 Jan 15 2002 Electricalc 2.0.1 Carbon
drwxr-xr-x 3 dws admin 102 Sep 11 17:34 Emacs.app
drwxr-xr-x 3 dws staff 102 Jan 19 19:45 Fetch Art.app
drwxr-xr-x 3 dws admin 102 Jul 5 2005 FinkCommander.app
drwxr-xr-x 3 dws admin 102 Nov 11 18:03 Firefox.app
drwxrwxr-x 6 root admin 204 Jan 13 07:30 Flip4Mac
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Font Book.app
 
Two things one positive one negative!

1) Positive - If in the news will give MacRumors publicity.
2) Negative - First Mac OS X Virus! NO!!!!!!!!!!!!:eek:
 
PC Enthusiast said:
Wow this is really cool. Everyone thinks Macs are immune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think it's bad. I just think it's cool someone proved the Mac lovers wrong.

Is it a virus?

I think it's good, that there might be a harmful program which could affect a Mac, because people need to check more carefully what they download and execute.

It's good this was the first, more or less, harmless try. Better this way than a widespread dangerous virus.

I'm curious, what MR does about lasthope.
 
angelneo said:
Trolls alert, trolls alert... <red light flashing> beep beep beep beep beep.

<Do not feed the troll> :D

Noob Alert, Noob Alert...<red light flashing> beep beep beep beep beep.

<The noob can't right click>
 
What I find interesting is it affects the PPC but not Intel..

And this "person" to me seems to be ticked at not being able to run OS X Intel on his windoze box so he writes this little script to try and scare people..
This is no virus and a poor shot at a Trojan..
IMeow is wise though in the suggestion of demoting your user account..
It looks for apps and not frameworks or extensions..
THAT would be a destructive virus..

very interesting..Anybody got the original they could send me ? I'd like to check it out..
 
danielwsmithee said:
So being a dumb user that has basked in the glory of the stable and malware free OS X, my normal user account is an administrator account.:( Seeing this made me create a new separate admin account and demote my current account to a standard user.

Looking through the permissions on my /Applications directory it appears that about 10-12 applications I am the owner of and not root. Should I change them to be owned by root (chown)? Like the rest of my applications? Or are they fine left the way they are?

"dws" is the user name that was an admin and I just demoted to a standard user.

Here are some examples.
drwxrwxr-x 3 root admin 102 Jan 11 09:22 Automator.app
drwxr-xr-x 3 dws admin 102 Nov 21 22:04 BitTorrent.app
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Calculator.app
drwxrwxr-x 3 root admin 102 Mar 20 2005 Chess.app
drwxrwxr-x 3 root admin 102 Jan 11 09:22 DVD Player.app
drwxrwxr-x 3 root admin 102 Mar 25 2005 Dashboard.app
drwxr-xr-x 12 dws admin 408 Feb 2 01:43 DesignWorks??? Lite
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Dictionary.app
drwxr-xr-x 11 dws admin 374 Feb 13 18:58 EPSON APPS
-rw-r--r-- 1 dws admin 1605904 Jan 15 2002 Electricalc 2.0.1 Carbon
drwxr-xr-x 3 dws admin 102 Sep 11 17:34 Emacs.app
drwxr-xr-x 3 dws staff 102 Jan 19 19:45 Fetch Art.app
drwxr-xr-x 3 dws admin 102 Jul 5 2005 FinkCommander.app
drwxr-xr-x 3 dws admin 102 Nov 11 18:03 Firefox.app
drwxrwxr-x 6 root admin 204 Jan 13 07:30 Flip4Mac
drwxrwxr-x 3 root admin 102 Oct 31 20:03 Font Book.app
I think you should just leave them be, changing it to root might cause some access problems later. The worst is that you reinstall some of the applications.
 
danielwsmithee said:
Looking through the permissions on my /Applications directory it appears that about 10-12 applications I am the owner of and not root. Should I change them to be owned by root (chown)? Like the rest of my applications? Or are they fine left the way they are?
Change them.

Your new separate admin account will help keep newly installed applications from being too easily accessed, but you do want to clean up after the stuff that is already there.

angelneo said:
I think you should just leave them be, changing it to root might cause some access problems later. The worst is that you reinstall some of the applications.
It's fine, changing the owner won't take away the execute bits for all users. Installers ask for root privs and won't run into problems at upgrade time, and the admin account can replace drag-to-install applications without hassle.

If you're really worried that chown might have hurt anything, this is one of the few cases where the fabled Repair Permissions (run from the admin account) can check things and actually be useful.
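
The ownership check discussed in the posts above, as an added example that is not part of any post in this thread: a read-only audit of the top level of a directory such as /Applications, listing entries not owned by the expected owner and entries the group can write to. The function names are hypothetical; it only uses `find`, and it changes nothing.

```sh
#!/bin/sh
# Added example (not from the thread). Read-only audit of the top level of an
# application directory: it prints findings and changes nothing.
# Function names are hypothetical. Paths containing newlines are not handled.

# list_foreign_owned DIR [OWNER]
# One path per line for each entry in DIR not owned by OWNER (default root).
# OWNER may be a user name or a numeric uid.
list_foreign_owned() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -mindepth 1 -maxdepth 1 ! -user "${2:-root}" -print | sort
}

# list_group_writable DIR
# Entries whose group may write to them (the "rwxrwxr-x root admin" pattern in
# the listing): any member of that group can modify them without a password.
list_group_writable() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -mindepth 1 -maxdepth 1 ! -type l -perm -0020 -print | sort
}

# report DIR [OWNER]: human-readable summary of both checks.
report() {
    list_foreign_owned "$1" "${2:-root}" | while IFS= read -r p; do
        printf 'owner is not %s: %s\n' "${2:-root}" "$p"
    done
    list_group_writable "$1" | while IFS= read -r p; do
        printf 'group-writable:   %s\n' "$p"
    done
}

# Run only when a directory is given, e.g.: sh audit.sh /Applications
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Entries it reports as not owned by root are the ones the replies above suggest handing to root or to the separate admin account with `chown`.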
 
Tymmz said:
I wonder what that means for the MR traffic.

If this is the first harmful Trojan and it's all over the news, do they link to the MR article?
Someone already posted the link in digg a little over 3 hours ago. There have been 255 hits on it, already.
 
PC Enthusiast said:
Wow this is really cool. Everyone thinks Macs are immune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think it's bad. I just think it's cool someone proved the Mac lovers wrong.


Nope. You’re just an idiot and I will prove this in a simple and elegant bulleted list.

1. This is not a virus. The definition of a virus is “A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.”
Source: http://www.webopedia.com/TERM/v/virus.html
2. Macs not having viruses has nothing to do with the number of users out there but the OS itself. The reason Windows machines (I'm currently on my PC) get viruses is due to the faults in the OS and not because there are 100 PCs to every Mac.
3. This is the most important one, you made an account to just post this, you need to go out and get laid, even if you have to pay somebody because you need a life.
4. This leads to even more importance, this isn’t a virus, which ties into #1.
 
danielwsmithee said:
Looking through the permissions on my /Applications directory it appears that about 10-12 applications I am the owner of and not root. Should I change them to be owned by root (chown)? Like the rest of my applications? Or are they fine left the way they are?

I'd change ownership of them away from "dws" to whatever your new admin-only user is. That should leave your /Applications folder in the state it would have been if you'd used that separate admin account from the start.
 
PC Enthusiast said:
Wow this is really cool. Everyone thinks Macs are immune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think it's bad. I just think it's cool someone proved the Mac lovers wrong.

There are exactly 13.75 metric butt-tons of Mac lovers that this is not proving wrong. Most of us are saying (and have been saying, if you were listening) something along the lines of "No computer attached to a network is invulnerable to the threat of a virus." Windows isn't, Mac OS isn't, Linux isn't, even OpenBSD isn't.

Granted, sometimes we are a little elitist -- and who can blame us? Apple has thus far been very attentive to security concerns, and we have no reason to believe they've been slacking. This particular doohickey requires that one open a file from an unknown source and then execute the enclosed executable (granted, it's masquerading as a JPEG). It then can only spread to the local network, apparently, by using an OS feature that no one but Apple seems to care all that much for.

As I've opined very recently, I think this is intended to be a wakeup call, not a serious menace -- and I think it's aimed at the vocal extreme minority of Mac users who claim that a virus will never exist for the Mac.

My point is that yes, this may shut up people who don't know anything about operating systems or computer security. Good! I for one will be ecstatic not to hear them piping up during otherwise potentially-intelligent conversations. But as far as proving that OS X is not a robust OS inherently more secure than a default installation of Windows + trappings -- no, this hasn't proven a thing. The rendezvous problem will likely be patched very quickly, and I think this will light a fire under Apple's ass to fix the "executable masquerading as a media file" ********.

In short, everyone wins. Except idiot OS zealots, but then they never win.
 
PC Enthusiast said:
Noob Alert, Noob Alert...<red light flashing> beep beep beep beep beep.

<The noob can't right click>
We can right click...

images.jpg

... and yes, there are two buttons there! Our mice just look better than yours.
 
plinden said:
Yes, because I ran latestpics from a managed account, it didn't have admin privileges. I did that deliberately, in case you're wondering.

Does that mean it makes no difference whether the virus (or trojan or malware - who cares about the name) is executed under the admin account or a user account without admin privileges? :confused:
 
danielwsmithee said:
It's going to be reported on CNET, Wired, PC Magazine tomorrow! It's going to be a tough day at the office being one of the only Mac users!
When they try and give you a hard time just say; "The news stopped reporting Windows viruses because they didn't have time for anything else."

...or something stupid along those lines.
 
dialectician said:
Does that mean it makes no difference whether the virus (or trojan or malware - who cares about the name) is executed under the admin account or a user account without admin privileges? :confused:
Yes, it makes a difference! plinden got "permission denied" messages and the trojan failed because he wasn't using an admin account.
 
danielwsmithee said:
It's going to be reported on CNET, Wired, PC Magazine tomorrow! It's going to be a tough day at the office being one of the only Mac users!

I mean MR is a great site, but if the news about a "virus" on Macs spread and it's linked to MR, isn't MR's traffic going to burst?
 
danielwsmithee said:
It's going to be reported on CNET, Wired, PC Magazine tomorrow! It's going to be a tough day at the office being one of the only Mac users!

just ask if they want to keep score. ;)
 
It's already hit CNN:

http://www.cnn.com/2004/TECH/internet/04/09/apple.trojan/

Sorry, that was the first-first OS X Trojan. And I remember everyone getting their panties all in a bunch then, also. So let's take a deep breath...

Look, if Trojans and Viruses all of a sudden need administrator passwords to work, then I'd like to add Office 2004 to the list of security risks. Now that's some malicious code.

My point is, if the only way to "infect" a Mac is with an Administrator's permission, then is that really a big threat? It's a lot harder for a criminal to rob you if you don't give him the key to your home.
 