Mac Malware

Well, a virus, as I consider it, is an app that mainly modifies files on your computer, so I would look at this 'opener' like a trojan horse, a security hole, even if in the article they're not so precise about what sort of bug the virus exploits. They don't specify how you can be infected, whether through mail, like the majority of Windows viruses, through p2p, or simply surfing on the net... and if the 3rd option is the right one, it could be hard... I have a PC at home, and I went mad with Blaster, a virus that was infecting my PC every time I connected to Windows Update...
 
So how come, if this is true, we haven't heard anything about it? It's been a couple of days now since this virus came into existence. Does that mean we're going to have to start purchasing anti-virus programs?
I noticed that apple released a new security update. Is this update related to the virus?
 
It's the "Opener". It's been reported all over the place for awhile now.

It can't get into your system unless you, as an admin, allow it to.
 
Yep -- bobw's right. No one can remotely install the program, unless they've got your admin username and password (which is a much bigger security hole than the "opener" program itself), it doesn't automatically replicate, and it doesn't "spread" to other computers so it really can't be considered a virus.

You (or someone posing as you with your username and password) would have to install it and explicitly run it with admin rights in order for it to do damage. It doesn't exploit any "holes" in the OS.

The point is that anyone can write a program that will do damage to a system with proper admin credentials -- people have been able to do this since the 1960s. It's not a threat at all as long as you keep your username and password secret.
 
That's what I figured. It didn't sound like a virus that Windows users are used to.

The author of that article got excited too soon I think...

Execute rm -rf / as root and that's bad too ;-)
 
Just remember that it's absolutely no problem to create a faked (for example) Tiger Beta disk image with the proper file size and upload it to a p2p network.

Then thousands of users are happy to find it, download it and then enter their admin password to install this (what they believe) good app. So they just installed the scripts and just got a message 'checksum error' or 'your Mac doesn't qualify for this beta' or whatever, so they don't get suspicious about the download.

It's all about social engineering to trick people so they install the malware themselves. That's easier than creating a self-replicating virus ;)
 
rbuenger said:
Just remember that it's absolutely no problem to create a faked (for example) Tiger Beta disk image with the proper file size and upload it to a p2p network.

Then thousands of users are happy to find it, download it and then enter their admin password to install this (what they believe) good app. So they just installed the scripts and just got a message 'checksum error' or 'your Mac doesn't qualify for this beta' or whatever, so they don't get suspicious about the download.

It's all about social engineering to trick people so they install the malware themselves. That's easier than creating a self-replicating virus ;)
Easier, maybe; effective, definitely not. The whole point of viruses and worms and other malware is to spread your handiwork as widely as possible throughout the population. The malware that you have described is about the least efficient way I can imagine to do anything at all. Every new instance of your idea requires a massive amount of work on the part of the victim to get the malware and to implement it. I dare say that the group who would attempt to install such a thing is less intelligent than the general population of Mac users. Therefore, it is likely that many of them will do it wrong, rendering the whole exercise a joke.

Look, it would be a lot less work to write and post a shell script that promises to break the passwords of all porn sites, but erases the kernel instead.
 
Erh... 1.) Get .dmg-File. 2.) Double-Click the .pkg-File. 3.) Enter admin password. That's not _many_ hurdles, MisterMe. And you assume people who install applications are dumber than the rest of the Mac users? I think rbuenger has a point, although probably it'd be "better" or more efficient to take a file of smaller size.
 
fryke said:
Erh... 1.) Get .dmg-File. 2.) Double-Click the .pkg-File. 3.) Enter admin password. That's not _many_ hurdles, MisterMe. And you assume people who install applications are dumber than the rest of the Mac users? I think rbuenger has a point, although probably it'd be "better" or more efficient to take a file of smaller size.
Reread rbuenger's post and my response to it. He proffered that malware masquerading as a Tiger beta could be posted on a p2p site and could then trick Mac users into installing it. We are not talking about applications here, but rather about a pirated OS, or at least a .pkg pretending to be a pirated OS. And yes, I consider someone who downloads and installs a file that they believe to be a pirated copy of MacOS X to be less intelligent than the Mac community as a whole.

Don't forget that rbuenger's malware in disguise would be as large as a real copy of the OS. That's two to three disk images, which for me would require four to six hours to download. How many Windows computers could be infected in the time required for the download alone? And every other target would have to spend the same four to six hours to download the same disk images. Burning CDs and FedEx-ing them to users would probably be faster.

I continually hear hypothetical mechanisms for infecting Macs. Yet, none of them ever turn into anything. Things that happen happen for a reason. Things that don't happen don't happen for a reason, as well. Sometimes things don't happen because no one ever thought of them before. However, things that don't happen after they have been conceived don't happen because the knowledge, time, or resources required are not available. In many cases things don't happen because they can't happen. Just because somebody posts something on a bulletin board doesn't mean that it is possible.
 
This is not a mechanism for infecting Macs at all. There is no propagation mechanism, there is no exploiting of a security vulnerability.

It assumes you already have compromised the Mac somehow - now you want to do something with your elevated privileges. This just automates the doing of generic nefarious deeds for hackers who aren't clever enough to think up their own nefarious deeds.
 
I just would like to say that the "Tiger" download was just an example. You could of course take any other application and replace it. Whatever is 'most wanted' at the time and will be downloaded by most people.

OK, this is not an effective way to spread it to thousands, but it's a good start until they've found something 'better'.
 