Demo Virus For Mac OS X Released - Slashdot

Become a fan of Slashdot on Facebook

×

Demo Virus For Mac OS X Released 268

Posted by Zonk on Friday November 03, 2006 @02:15PM from the i-don't-think-i'll-download-that-demo dept.

Juha-Matti Laurio writes "Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise."

This discussion has been archived. No new comments can be posted.

Demo Virus For Mac OS X Released

Search 268 Comments Log In/Create an Account

Comments Filter:

Umm, wrong malware? Solution in the works? (Score:5, Interesting)

by 99BottlesOfBeerInMyF ( 813746 ) writes: on Friday November 03, 2006 @02:56PM (#16706727)

Those of us following malware in general and OS X malware in particular already heard about the new metasploit module [info-pull.com] for OS X exploit released recently that supposedly exploit an unpatched hole in the wireless drivers that shipped with some powerbooks an imacs. It has a lot more potential as a real security issue than this reported proof of concept, since this one has no automated mechanism to spread and no remote vulnerability or any vulnerability for that matter. It is simply code running as it is supposed to with the privileges it is supposed to have. It is no more the result of a flaw in the system than "rm" is.

As for this "virus" it is a demonstration of a problem, but one that is so widespread and common it will be dismissed by the majority of the security community out of hand. The problem is, this code (when run) has permission, by default, to do too much and the user is not notified by the OS of what it is doing. The same can be said of most any desktop OS these days. The granularity of permission is basically: none, everything the user can do, or anything. That is insufficient to deal with software that may or may not be trusted.

Interestingly enough, Apple has announced the inclusion of application signing and Mandatory Access Controls in OS X 10.5. Theoretically, unsigned applications like this could be placed in a very limited trust level by default and as such, would not have permission to edit random user files because the MAC ACL would stop it. Viruses and trojans would have a big roadblock. Imagine downloading some random program like this, double clicking it, and OS X informing you not only that it is a new application, but also pulling up a dialogue that says something like "The application 'macarena.sh' wants to modify 122 applications in your Applications folder. This behavior is characteristic of a virus. (stop it from changing them)(let it change them)(view advanced options/details)."

I'm keeping my fingers crossed that Apple is the first to bring SELinux's granularity of security to grandmother's everywhere in a usable way.

Share
twitter facebook
Re:This is on the front page of slashdot why? (Score:3, Interesting)

by daveschroeder ( 516195 ) * writes: on Friday November 03, 2006 @03:12PM (#16707009)

Your rambling about iPods, perhaps?

Rambing? It was an example of how something utterly technically unrelated is used as an excuse to push Apple into the security spotlight again, claiming that because a QA machine infected with a *Windows* virus at one of its contractors means "Apple" is being targeted more by "hackers". (???)

Your turn, please describe, specifically, why you felt compelled to post such an enormous amount of text in the first place?

For accuracy and a comprehensive analysis of the situation, while also preemptively discrediting any incorrect posts about "Bluetooth 0days" and the like?

Is being an Apple weenie that much a part of your self-identity that you find the idea of a Mac virus toxic to the very heart of your being?

No. (And there have been previous Mac "viruses", trojans, rootkits, and other things that fall in the category of "malware". My question was: why is it on the front page of slashdot when nothing is remotely new, interesting, or novel, in any respect, about it?)

Thanks for asking!

Parent Share
twitter facebook
Re:This is on the front page of slashdot why? (Score:3, Interesting)

by Golias ( 176380 ) writes: on Friday November 03, 2006 @04:52PM (#16708525)

When are you nitwits going to get it through your head that there's no such word as "virii"?

Sure there is. It's a jargon word to refer to more than one computer virus (note: not more than one biological virus.)

And yes, it's incorrect Latin, but the word "television" was created by incorrectly mashing a Latin word together with a Greek word. Nobody cares that it's not a "real" word. Usage makes it real. That's English for you.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

413 commentsChatGPT Leans Liberal, Research Shows
347 commentsAmazon CEO Says 'It's Probably Not Going To Work Out' For Employees Who Defy Return-to-Office Policy
327 commentsHotel Owners Start To Write Off San Francisco as Business Nosedives
323 commentsChina is Building Nuclear Reactors Faster Than Any Other Country
315 commentsChina is Calling in Loans To Dozens of Countries

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis