First real trojan appeared on OS X

If it is a trojan, it will require the user to run it. It's annoying that they don't indicate what programs contain this trojan...
 
Nope, definitely ain't one.

If you go to the Advanced portion, it says this:

Mac/Cowhand-A is a proxy Trojan for the Mac OSX platform.

The Trojan may copy itself to the user's Preferences folder. In order to run itself on startup, the Trojan may add itself to the user's Startup Items.

...which is at least more in line with OS X.

If you hit the link that is listed as "Trojan" you get sent to a page with the listed trojans, then (I presume) a link to the right of what type of trojan it is. If I'm right, then this is the type of trojan this is supposed to be:

Troj/IRCFlood-E is used to flood an IP address with network packets. The Trojan can be controlled remotely over IRC.

Without more info, I can't say whether or not this is true. Guess we'll have to wait and see if anyone else carries the story.
 
The 'Registry' reference is probably a standard text, not customised by the person who enters the thing in the database. So that isn't anything we should blame on them right now. (They probably haven't got the right text blurbs for Mac OS X in their database.) What we should _worry_ about is, right now, the bad press this might give Apple.
 
Listed here at http://secunia.com/virus_information/17449/maccowhand-a/, but it's just a reprint of the Sophos data (links point back to them). This is unhelpful, as it could make the info be spread without anyone else checking up on its validity.

Oh, and on security firms 'finding' virii etc., I'm still boycotting Intego after their last announcement of that dubious Mac malware.
 
Well: If it's just a scam like the one from your Symantec link, I'm not worried. Would you open an application that someone you don't know sends you? Well: I wouldn't. And unless this was _directly_ targeted at my person (i.e. with a sender I know and a subject I'm interested in and it looking and feeling - i.e. sizewise - like something I might WANT to run), I just wouldn't run it on my Mac.

This is VERY different from how some trojans work on Windows...
 
A Trojan for the Mac wouldn't be that hard to make anyways. Trojans are viruses disguised as a real program or file (mp3, for example). Deleting files on your Desktop or in your Home folder is simple, and doesn't require user authentication. Then all it has to do to spread itself is get access to the user's address book (which is a public API) and send itself as an attachment from the user's email (not that hard)....

Trojans get spread easily because people don't think when they read emails, but hopefully that'll be changing with the thought of viruses in people's minds because of the media.
 
You know, there's one other thing that bugs me about this. Everyone (myself included) is waiting for the first real OS X virus. You know, a real OS virus that takes advantage of buffer overflows or gaps in permission settings, the kind that slips into a thousand systems overnight without anyone noticing. That would be news. Stuff like this, though, is nonsense. It takes nothing to write a script that does nasty stuff, use it as a replacement for the installer script for some warezed copy of Photoshop or Doom and release it on usenet. It is no more of a security threat than phoning up a user at home and convincing him to erase this silly folder called "/" on his hard drive. Trouble is, when some idiot reporter from AP reads this thread and writes about how "Mac isn't so secure after all", Mac's halo loses some of its lustre. For nothing.
 
Andrew Adamson said:
... Everyone (myself included) is waiting for the first real OS X virus. You know, a real OS virus that takes advantage of buffer overflows or gaps in permission settings, the kind that slips into a thousand systems overnight without anyone noticing. That would be news.
..

So you're waiting for a virus then?! Um, I quite like not having any, don't know about you...
 
fryke said:
The 'Registry' reference is probably a standard text, not customised by the person who enters the thing in the database. So that isn't anything we should blame on them right now. (They probably haven't got the right text blurbs for Mac OS X in their database.) What we should _worry_ about is, right now, the bad press this might give Apple.
I understand what you are saying, but it begs the question: "What in MacOS X are they mistaking for a Registry?" If their business is security, then they have a heightened responsibility to be accurate. Unintentional or not, the statement qualifies as misinformation. For this, I do blame them.
 
As can be read in this thread, they meant the "copying itself in the user's preferences folder", probably. I guess the author of the warning couldn't find anything that more closely matched. ;)
 
Guys,

I fear I may be the first person to have experienced this.

I just woke my Mac up from sleep, and all my iTunes music is GONE! Nothing in the music folder of my home, all gone! I might have got an MP3 trojan/virus (as I did 'get' some music only 4 days ago).
 
There have been more than a handful of people that have had their music disappear from iTunes -- I seriously doubt that a virus or trojan was responsible.

I doubt any of us on this board will "contract" or somehow get the virus described in this thread, or any Mac OS X specific virus for quite some time.

It's always best to be safe, though, and I'm not advocating tossing caution to the wind... I would just be surprised if any of us, even if we tried really hard, got one of these virii.
 