Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Demo Virus For Mac OS X Released 268

Posted by Zonk
from the i-don't-think-i'll-download-that-demo dept.
Juha-Matti Laurio writes "Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise."
This discussion has been archived. No new comments can be posted.

Demo Virus For Mac OS X Released

Comments Filter:
  • by daveschroeder (516195) * on Friday November 03, 2006 @01:16PM (#16706053)
    So, this is a "virus" that is nothing more than something that programmatically attaches/appends itself to other files that are in the same directory as itself when executed (which is easy to do and doesn't rely on any deficiency in the system), isn't in the wild and therefore doesn't have any real impact on users, is a proof-of-concept, and still has no vector or mechanism for propagation, much less mass-propagation?

    Wow. Um. Raise the alarm. One if by land, two of by sea, and all that.

    Oh, and here's my new piece of nasty Mac OS X malware:

    Place this in a text file and name it ElectricSlide.command:

    rm -rf ~/*

    Double click it. Voilà. A piece of malware that can't actually spread that deletes the contents of your home directory with no warning!

    Maybe we can see a Symantec warning about OSX.ElectricSlide!

    I realize Symantec or any AV vendor has to catalog known malware, but come on: the coverage this is getting is ridiculous, and now the front page of slashdot?

    Mac OS X certainly has vulnerabilities. The people saying it doesn't are morons. But the problem is that any vulnerability discovered in any Apple product gets amplified in the press massively disproportionately. For example, the iPod Windows virus issue:

    By all accounts, there was likely a Windows PC used for QA at a non-Apple contractor that was infected with a virus that was infecting iPods with the virus when they were plugged in to that machine. (If anything, this is a problem in the QA process at Apple's manufacturing contractors, not ANY indication that "Macs" or Apple are any more susceptible to viruses or attacks, in any way, shape, or form - I'm surprised at the level of shoddy journalism on this. This is a Windows worm copying itself to a locally attached Windows disk (that happens to be an iPod), nothing more. Yes, it's really bad for any manufacturer to ship something with a virus on it, but this doesn't indicate the susceptibility of Apple or Macs in general. If anything, it indicates the iPod is effective as a USB-attached disk. Which it is. Again, no excuse for the processes to let something like this happen, but still.)

    Then, the coverage of this goes on to rehash the (incorrect) assumption that someday there will be a huge worm outbreak on Macs, an assertion that is completely unrelated to iPods being infected with a Windows (or even Mac) virus.

    I'm not going to rehash why it's literally impossible for the type of devastating mass-propagating worms that we've seen on Windows happen on Macs; marketshare/presense alone is enough to make that argument, but marketshare is only one of many factors.

    I predict that we'll continue seeing these sky-is-falling and "WAKEUP CALL FOR APPLE" articles month after month and year after year, with nothing actually happening of any consequence to the installed Mac OS X base. Will there be new viruses, worms, malware, and proofs of concept of malicious items for Mac OS X? Yep. Absolutely. Just as there have been. Will there be something that can mass-propagate to the point where it costs the tens/hundreds of billions of dollars and hundreds of thousands of manhours in recovery and lost productivity like we do on Windows? Nope. The architectural, use, marketshare, and security differences on the Apple platform versus Windows ensures that.

    The coverage of this will likely be further classic examples of press jumping on any negative or security-related story that has to do with Apple.

    Maybe this will even be the sixth or seventh, by my count, "FIRST MAC OS X VIRUS" story that can be trumpeted around on CNN, AP, and Reuters! One can only hope!

    Also, before anyone says "There's also a Bluetooth 0day [sans.org] for OS X," that would actually be the same, months-old, single Bluetooth issue that has already been reported on months ago, and that was patched in all versions of Mac OS X for a year even at the time that the worm,
  • Learn to read (Score:4, Insightful)

    by daveschroeder (516195) * on Friday November 03, 2006 @01:29PM (#16706275)
    What I said has nothing to do with whether something needs privilege escalation or not. At all.

    In fact, my own little "rm -rf ~/*" joke doesn't require any privilege escalation at all and can delete the contents of your home directory with no further warning. Something as simple as that can be bundled up with Platypus by anyone who can click a mouse as a little trojan that looks like any other Mac OS X application.

    Think that's "stupid"? It's just as stupid as this "virus" proof-of-concept that does nothing more than show that it can be appended to a file. It doesn't spread, and has no vector for propagation. Before you say "well, all someone has to do is find a vector!"

    Um, yeah. That's the hard part, "nitwit".
  • Tire sales (Score:3, Insightful)

    by lancejjj (924211) on Friday November 03, 2006 @01:36PM (#16706417) Homepage
    OSX.Macarena is a proof of concept virus that infects files in the current folder on the compromised computer.

    News: An anti-virus software vendor decided to have a Mac OS virus created in order to improve the sale of Anti-Virus software.

    Related news: A tire changing shop decided to dump a box of roofing nails on the road approaching their shop in order to sell tires.

    What's the difference?
  • by Anonymous Coward on Friday November 03, 2006 @01:49PM (#16706633)
    Please describe, specifically, how the post was "disjointed", or how anything in it was inaccurate.

    Your rambling about iPods, perhaps? Your turn, please describe, specifically, why you felt compelled to post such an enormous amount of text in the first place? Is being an Apple weenie that much a part of your self-identity that you find the idea of a Mac virus toxic to the very heart of your being?

    Thanks,
    r.c.
  • by Scooter's_dad (833628) on Friday November 03, 2006 @05:24PM (#16709899)
    Not when one's post is coherent and makes a fair point. (That's bad form only because it's unusual enough to upset the regulars.)

He who has but four and spends five has no need for a wallet.

Working...