The First Mac OS X Virus?

[Mitthrawnuruodo]

And here's a fun trick:

cp /bin/ls ~/'thingy.jpg '

(white space is intentional)

Then get info, give yourself write permission, and paste on your favorite icon.

Yes, neat... but still not too hard to see through, though...

It's like that game: Find three errors...

 

[hdcool]

THIS IS NOT A VIRUS damnit!

Sheesh guys, wake up! This is NOT a virus!

First off: it's an executable disguised! So what, it will run with normal user privileges! It can not harm your system, but ANY program that runs with YOUR privileges CAN delete anything in your homedirectory that you own... .
ANY program... So this is not an exception... . And likewise ANY program can use Bonjour...

IF it wanted to harm your entire system and put itself into other executables, it would need higher privileges, which would NOT be granted, unless a password dialog is popped-up and the user enters his or her password!

Since OS X dynamically checks the content of a file, Safari or whatever descent browser would have warned the user that the downloaded file contains an executable! NOT an image.... .

This is just a damnass Hoax giving OS X a bad name

I can write you a little shellscript that deletes every file on your harddrive, and disguise it as a jpg or png file too... .
Will it work? NO! if you don't understand why, you haven't read my post...
It will run with user privileges!


Damn damn damn, these things make me so mad.... argh...

 

[iMeowbot]

Yes, neat... but still not too hard to see through, though...

It's like that game: Find three errors...

Except that the default isn't column view, or to even have a right button enabled that would reveal that menu...

In real life, the overwhelming majority of computer users is nothing like the little group of MacRumors posters. It makes no sense at all to expect them to do the things you would do.

Seriously, you're starting to remind me of those Wintrolls who expect mere mortals to know how to fiddle with Regedit to make things secure.

 

[frankblundt]

Yes. It is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. It is also a worm - it sends itself to other hosts (via iChat and possibly via email and other IM)..

I thought it was still unknown as to what it was inserting or sending? ie not necessarily itself ie not necessarily replicating ie not necessarily a virus or worm.

 

[xsedrinam]

Originally Posted by Tymmz
Is it a virus?

Yes....

Update from FrontPage: "It appears that there is some debate about the classification of this application, and as it does require user activation, it appears to fall into the Trojan classification, rather than self-propogating through any particular vulnerability in OS X."

Update from Andrew Welch
A few important points
-- At this time, I would classify this as a Trojan, not a virus

Welch Compilation as of 04:00 CST

 

[lrs]

As some man said "where is no patch for human stupidity"
If you think about what you do - you'll never get virus on UNIX

 

[somo]

Anyway, I would realy like to see some pictures of the Leopard 10.5!!!!
Anyone with a link?

 

[steve_hill4]

The more I think about this, the more I laugh...

Pics of OS 10.5...brilliant...

Windows users are tempted by Brittney spears, mac users by a new GUI element in their operating system...

lol

I find that brilliant. But what does that say about us here?

 

[steve_hill4]

OH YES!

No more smug comments from Mac fanbois about virii and spyware. Like their OS is SOOOO immune

I agree, and Leo Laporte was saying similar sentiments on the TWiT podcast the other week. He thinks Mac users like himself are too smug, ignore the potential for security flaws and that Apple must realise that as market share increases, (and actually media coverage too), people will want to attack OS X more and more.

Oh and I hope your spelling of the plural of virus was as much in jest as it was for fanboy. The double i plural only occurs for a word when the singular ends in an "ius", (e.g radius becomes radii). So virus is viruses.

Sorry, rant over.

 

[Applespider]

In real life, the overwhelming majority of computer users is nothing like the little group of MacRumors posters. It makes no sense at all to expect them to do the things you would do.

Yup... which also means they'd be unlikely to download pictures of a new OS a year in advance of it coming out yeah... I know, it's the principle of the thing!

 

[cb911]

i don't get why everyone is so surprised by this? there have already been a few 'proof of concepts' of exactly this.

it's unfortunate that we have to be aware of things like this, but sometimes, i've got to think that if people are guillible enough to run things like this and go around typing admin passwords willy nilly, then they deserve what's coming to them.

and i'm also surprised that this hasn't happened more.

am i the only person who finds this kind of... neat?

 

[Mitthrawnuruodo]

Sheesh guys, wake up! This is NOT a virus!
[...]
Damn damn damn, these things make me so mad.... argh...

Very good post...

And, I know excactly how you feel... except I'm more sad than mad, really...

Except that the default isn't column view, or to even have a right button enabled that would reveal that menu...

What right button...? I'm on an iBook...

Seriously, you're starting to remind me of those Wintrolls who expect mere mortals to know how to fiddle with Regedit to make things secure.

No, I wouldn't expect that from any mortal...

In real life, the overwhelming majority of computer users is nothing like the little group of MacRumors posters. It makes no sense at all to expect them to do the things you would do.

But then again I woudn't expect anyone to try to open something they didn't know what was... and that's my main point...

 

[iMeowbot]

Yup... which also means they'd be unlikely to download pictures of a new OS a year in advance of it coming out yeah... I know, it's the principle of the thing!

And that's the thing, it's even easy to fool people who know enough more than the average user to have interest in a place like MacRumors!

But then again I woudn't expect anyone to try to open something they didn't know what was... and that's my main point...

But they did know what it was, a JPEG image! It said so right on the icon. Icons are for identification, they're not decorations. Those people were using the visual cues exactly as intended. The way the Finder presents that kind of information needs revisiting.

 

[steve_hill4]

Someone already posted the link in digg a little over 3 hours ago. There have been 255 hits on it, already.

Ouch, I hope this doesn't put many off switching. One of the biggest reasons for doing so is down to the wonderful security features, (which I still think need beefing up), and lack of viruses.

If word spreads like wildfire, a lot of people will decide they don't want to go from a system with viruses galore, to one that looks like it could go that way too. Not my thoughts, but I know some switchers will be thinking that.

 

[mdavey]

It *is* a virus. Deal with it.

If it wanted to harm your entire system and put itself into other executables, it would need higher privileges, which would NOT be granted, unless a password dialog is popped-up and the user enters his or her password!

My point was, it doesn't absolutely need the user to enter their password in the dialogue. If a user were to double-click the file soon after installing some other software, Mac OS X would not display the password dialogue again. This is known as the authentication grace period.

As others have pointed out, those that routinely use their first account (the admin account) for day-to-day use are particularly vulnerable. It would appear that most Mac home users have their Macs set up this way.

Denial is not productive at this point. We need to show strength of unity as a community.

 

[Mitthrawnuruodo]

But they did know what it was, a JPEG image!

They thought they knew... but didn't... my point, again...

I'm bored... I'm going over to the web design forum, where I'm appreciated (most of the time)...

 

[iMeowbot]

They thought they knew... but didn't... my point, again...

Ahhhh, now I understand! It's the old tech support axiom: when in doubt, blame the user.

 

[frankblundt]

Ahhhh, now I understand! It's the old tech support axiom: when in doubt, blame the user.

The priests can't blame the Gods, only the sinners.

 

[mcarnes]

All this virus talk makes it feel like October 31st or something, all creepy and *****.

MmmmmWaaaaaHaaaaaaaHaaaaaaHaaaaaaaHaaaaaaaa.

 

[Joe2000]

Oh Dear!

Well I may have just s*** myself.

 

[puuukeey]

planning

what could/should apple do to prevent the inevitable onslaught of malware for the mac platform?

Im curious

 

[nickgoldman]

Sophos is back on my macs as of this morning

 

[BornAgainMac]

Wow this is really cool. Everyone thinks Macs are imune to viruses and I'm glad that someone proved that they are very wrong. The only reason Macs rarely get viruses is because such a small percentage of people use them. This is great...I'll finally be able to shut up my Mac loving friends.

By the way I don't support the making of viruses I think its bad. I just think its cool someone proved the Mac lovers wrong.

Macs aren't for games yet you can still buy games for it. I don't support making games for the Mac but I think its cool someone proved the Windows lovers wrong.

 

[Applespider]

If word spreads like wildfire, a lot of people will decide they don't want to go from a system with viruses galore, to one that looks like it could go that way too. Not my thoughts, but I know some switchers will be thinking that.

Although there's still the obvious here - one 'trojan' which you still need to actively download against many thousands instances of malware which can install themselves without you doing anything.

Let's not start predicting the apocalypse until we know what the effects really are. At the moment, the analysis of it isn't complete (and I'm impressed by how much information has come out already) and the developer community, let alone Apple, haven't had a chance to come up with options. I'm confident that they will.

 

[mdavey]

what could/should apple do to prevent the inevitable onslaught of malware for the mac platform?

# Extend Disk Utility so that it knows the correct md5 fingerprint of files in addition to the correct permissions. Provide an option that causes Disk Utility to report files with incorrect fingerprints and files that have been added to applications. It is important that the utility reports files that have a fingerprint from an older version of the OS as a cracker could choose to replace a binary with an older version that has a vulnerability so as to provide an additional back door to the system.

# Review both the sudo and the GUI authentication grace periods / mechanisms and brainstorm if there is a safer way to achive a similar effect while eliminating the possibility of malware hijacking the grace period

# Make it easier to rename users (so /Users/mdavey can be renamed /Users/michael without side-effects or following three pages of instructions) - so existing users can easily seperate their day-to-day account from their admin account while keeping their configuration

# Force users to provide details for an admin account and then details for their day-to-day account when installing, don't encourage users to create a single account to perform both tasks