01. The file 'Secunia.mov.zip' is downloaded to your Macintosh.
Now, all the 'ifs' ...
02. If 'Safari' is your web browser, and if its 'Preferences', 'General' tab panel's 'Open "safe" files after downloading' check box is check marked, then the '.zip' file will be automatically de-compressed (to 'Secunia.mov'). However, the '.mov' file has the permissions of '-rwxr-x--x'; therefore, MacOS X will run (open, launch, execute) the executable file.
What is in the 'Secunia.mov' file? ...
/Applications/Calculator.app/Contents/MacOS/Calculator; exit
. Naturally, nowhere on the
Secunia web page or its 'What should you do?' linked web page - is it stated to uncheck the 'Open "safe" files after downloading' check box.
-----
Summary:
By not having 'Safari's 'Preferences' 'General' tab panel's 'Open "safe" files after downloading' check box check marked; and / or any other web browser's 'Preferences' set similarly; and, having ones download folder set to List view - one would immediately note the 'kind' of the 'Secunia.mov' file as 'Terminal document', instead of 'QuickTime Movie'.
---
The same advise was made around April 2004 when the 'MP3Concept' MacOS X Trojan horse was released. Oops, sorry - the 'proof of concept' '.mp3' file was noted by the security firms [(
1), (
2), etc.], press [(
1), (
2), etc.], and lesser informed [those who have posted to macosx.com and similar web sites, stating - I have virus, worm, or trojan horse ...]. In that particular case, the List view 'kind' of the .mp3' file was 'Application', instead of 'Preview', 'GraphicConverter', etc.
---
Apple's 'Mail' is not my primary e-Mail'er application; therefore, I have no say as to its actions related to the 'Secunia.mov.zip' file.
Supposedly, the recent 'Security Update 2006-001', at
Apple Downloads, as by '
MacWorld' - resolves such issues.