Besides the obvious "erase the home directory", a boosted version could employ AppleScript to read your contacts from the Address Book and send spam mails via Mail.app. This is the exact thing we have seen on Windows for years now.
Are you sure about that? It is the first time I read something similar.
Intego posted a detailed FAQ with information about the trojan.
I am still wondering what Intego adds in the issue other than promote some antivirus software (guess what, theirs). As I said, the exploit is very old and, in some sense, generic. The fix should be easy for Apple. But you can't completely solve such problems in any operating system with a GUI. It is not a virus in the strict sense we know from the Windows world.
Here is the MacFixit article on the issue. What I found strange, is that one poster said that Mail.app warns the user when it is about to send as attachment an application. I tried to do the same (emailing to myself), the message goes, but I don't see the warning. Is that normal?
"They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."
I can't believe the press this concept virus is getting. OSX gets one hypothetical virus and CNN places it on the front page with doom and gloom headlines - just heard it on the boob tube as well - although they then go on to state that it's not really real yet. Paraphrase: "Mac joins the world of virus victims with its own virus that can cause major damage - oh, but it really doesn't exist yet - but it could!" I guess all the good press Apple gets has to be balanced by crap like this.
It's because Windows users are sick and tired of us bragging about not having viruses when they have so damn many of them. They'll take *any* little scrap of information they can get that would paint OS X to not be as impermeable as we all boast about.
It's because Windows users are sick and tired of us bragging about not having viruses when they have so damn many of them.
Exactly my feelings, as I repeatedly mentioned before. Despite the fact that the exploit is real (but very old and trivial, and it affects any OS with that level of functionality), it looks like it is a well orchestrated effort to spoil the robust security features of OS X. I think Apple have to address this (although not 100% possible) in a matter of days, not only to correct the issue, but to prove also how trivial the exploit is.
What I found strange, is that one poster said that Mail.app warns the user when it is about to send as attachment an application. I tried to do the same (emailing to myself), the message goes, but I don't see the warning.
Ah, I see. He does not mean that you see the warning when you send such a message, but that the recipient would see the warning if (s)he tries to open the attachment. So, there is already a protection in place. But it is still up to the user to be fooled and actually click "Open". Simply Apple needs to make the file check stronger and when conflicting types are detected on an attachment, to not permit the user to open the attached file, at least. They can also disable Finder launch of such files.
An update on the issue: someone, Julien, has already written a small program that can check for such trojan files. If I understand correctly what he says, his program simply makes a search for applications whose extension is empty or something other than .app. So much for the famous Intego (or whoever else's) fix.
Since this Trojan cannot hide, all that is really needed is a bit of user vigilance. Download the proof of concept file, then do "Get Info" - Now do get info on a real mp3 / aac file.
Oh look, the trojan says it's an application!!
Secondly, an mp3 is a heavily compressed format. There is no advantage to having an mp3 inside another compressed archive as there will be no actual size reduction. The only time I personally would do this would be for easy distribution of a number of mp3's.
Despite the fact that the exploit is real (but very old and trivial, and it affects any OS with that level of functionality), it looks like it is a well orchestrated effort to spoil the robust security features of OS X.
Don't shoot the messenger....
This trojan was developed by some guys as a proof of concept, meaning they wanted to show _one_ flaw in OS X. If they wanted, they could likely have written something more nasty, but this was obviously not their aim.
We should be thankful - after all, if someone tells you you left the keys hanging at your car, you don't complain, do you?
Secondly, an mp3 is a heavily compressed format. There is no advantage to having an mp3 inside another compressed archive as there will be no actual size reduction. The only time I personally would do this would be for easy distribution of a number of mp3's.
Which is exactly how mp3s are transferred over BitTorrent. Ah well, I don't use it anymore.
This trojan was developed by some guys as a proof of concept, meaning they wanted to show _one_ flaw in OS X. If they wanted, they could likely have written something more nasty, but this was obviously not their aim.
I don't know how much obvious is in what I said, but I am not talking about the guys who made this proof of concept. And in fact, they did not prove something we did not already know. Well, it is only a step away from what was already known. Simply, the exploit drew a much larger attention than it deserved.
Couldn't an obvious fix be for the Finder to check if the application that is going to launch a file based on its resource fork can also be launched by the default app for that file's extension? If it can't, it warns the user: "The file you are attempting to open.... Are you sure?". Sure, it's invasive, but it'll probably work.
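The check described in the posts above (look for applications whose extension is empty or not .app, and warn on a type/extension conflict), sketched as an added example that is not part of any post and is not Julien's program. It assumes that "application" means the Finder type code `APPL` in the first four bytes of the file's 32-byte FinderInfo; the function names and the sample records are constructed for illustration.

```python
import os

APP_TYPE = b"APPL"  # assumed marker: Finder type code for an application


def finder_type(finder_info):
    """Return the 4-byte type code from a FinderInfo blob, or None if unset."""
    if not finder_info or len(finder_info) < 4:
        return None
    code = finder_info[:4]
    return None if code == b"\x00" * 4 else code


def check(name, finder_info):
    """Warn when a file is typed as an application but its name has no
    extension, or an extension other than .app. Returns None when clean."""
    if finder_type(finder_info) != APP_TYPE:
        return None
    # Trailing dots/spaces can hide the real extension from a casual look.
    ext = os.path.splitext(name.rstrip(". "))[1].lower()
    if ext == ".app":
        return None
    return f"{name}: typed as application, extension {ext or '(none)'}"


def scan(records):
    """records: iterable of (file name, FinderInfo bytes) pairs."""
    return [w for w in (check(n, fi) for n, fi in records) if w]


def finfo(type_code, creator=b"????"):
    """Build a constructed 32-byte FinderInfo blob for the samples below."""
    return type_code + creator + b"\x00" * 24


# Constructed sample records, not taken from a real system.
SAMPLES = [
    ("song.mp3", finfo(b"APPL")),       # application dressed up as audio
    ("Installer", finfo(b"APPL")),      # application with no extension
    ("Real Song.MP3", finfo(b"MPG3")),  # audio type code, nothing to flag
    ("Tool.app", finfo(b"APPL")),       # consistent name and type
    ("notes.txt", b""),                 # no FinderInfo at all
]

if __name__ == "__main__":
    for warning in scan(SAMPLES):
        print(warning)
```

On a real system the FinderInfo bytes would have to be read from the file's metadata first; the sketch only covers the comparison step.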
Comments
Haha nah I'm not worried. I don't keep anything important anywhere it can be touched.
Originally posted by PB
Are you sure about that? It is the first time I read something similar.
Quite sure, yes. Shall I try to whip up a concept virus to prove my point?
Originally posted by PB
Originally posted by Smircle
Besides the obvious "erase the home directory", a boosted version could employ AppleScript to read your contacts from the Address Book and send spam mails via Mail.app. This is the exact thing we have seen on Windows for years now.
Are you sure about that? It is the first time I read something similar.
You wanna see my Applescript?
Intego posted a detailed FAQ with information about the trojan.
http://www.intego.com/news/pr41.html
For now, the trojan is benign and not out in the wild. For now. The proof of concept is there.
[Edit: benign not benin]
Originally posted by Defiant
Intego posted a detailed FAQ with information about the trojan.
I am still wondering what Intego adds in the issue other than promote some antivirus software (guess what, theirs). As I said, the exploit is very old and, in some sense, generic. The fix should be easy for Apple. But you can't completely solve such problems in any operating system with a GUI. It is not a virus in the strict sense we know from the Windows world.
"They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."
Relax
Originally posted by Wrong Robot
It's because Windows users are sick and tired of us bragging about not having viruses when they have so damn many of them.
Exactly my feelings, as I repeatedly mentioned before. Despite the fact that the exploit is real (but very old and trivial, and it affects any OS with that level of functionality), it looks like it is a well orchestrated effort to spoil the robust security features of OS X. I think Apple have to address this (although not 100% possible) in a matter of days, not only to correct the issue, but to prove also how trivial the exploit is.
Originally posted by PB
What I found strange, is that one poster said that Mail.app warns the user when it is about to send as attachment an application. I tried to do the same (emailing to myself), the message goes, but I don't see the warning
Ah, I see. He does not mean that you see the warning when you send such a message, but that the recipient would see the warning if (s)he tries to open the attachment. So, there is already a protection in place. But it is still up to the user to be fooled and actually click "Open". Simply Apple needs to make the file check stronger and when conflicting types are detected on an attachment, to not permit the user to open the attached file, at least. They can also disable Finder launch of such files.
Originally posted by PB
Despite the fact that the exploit is real (but very old and trivial, and it affects any OS with that level of functionality), it looks like it is a well orchestrated effort to spoil the robust security features of OS X.
Don't shoot the messenger....
This trojan was developed by some guys as a proof of concept, meaning they wanted to show _one_ flaw in OS X. If they wanted, they could likely have written something more nasty, but this was obviously not their aim.
We should be thankful - after all, if someone tells you you left the keys hanging at your car, you don't complain, do you?
Originally posted by Gargoyle
Secondly, an mp3 is a heavily compressed format. There is no advantage to having an mp3 inside another compressed archive as there will be no actual size reduction. The only time I personally would do this would be for easy distribution of a number of mp3's.
Which is exactly how mp3s are transferred over BitTorrent. Ah well, I don't use it anymore.
Originally posted by Smircle
Don't shoot the messenger....
This trojan was developed by some guys as a proof of concept, meaning they wanted to show _one_ flaw in OS X. If they wanted, they could likely have written something more nasty, but this was obviously not their aim.
I don't know how much obvious is in what I said, but I am not talking about the guys who made this proof of concept. And in fact, they did not prove something we did not already know. Well, it is only a step away from what was already known. Simply, the exploit drew a much larger attention than it deserved.
how did you make that post?
Sorry for the derailment.
Back on topic:
What AV software do you use? Is it the best?