first mac os x virus

Discussion in 'OT Technology' started by easy4lif, Feb 16, 2006.

  1. easy4lif

    easy4lif New Member

    Joined:
    Sep 29, 2005
    Messages:
    545
    Likes Received:
    0
    Location:
    socal
    from macrumors.com

    On the evening of the 13th, an unknown user posted a link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz"

    The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but was actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is a virus or was designed to give that impression. Routines listed include:

    _infect:
    _infectApps:
    _installHooks:
    _copySelf:

    The exact consequences of the application are unclear, but users that originally executed the application have noted that it appears to self-propagate:

    "If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my hard drive, but how do I know that it will not come back."

    Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread. According to the initial investigation, the application does use Spotlight to find the applications on the machine and subsequently insert a stub of code into each application executable.
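
A defensive check for the disguise described in the post above, added here as an example and not part of the original thread: it inspects a .tgz without extracting it and reports members whose first bytes are an executable format, whatever their name or icon suggests. The function names and the sample archive are constructed for illustration; the sidecar check assumes the archive was made with Apple's tar, which stores resource forks as AppleDouble "._name" members.

```python
import io
import tarfile

# First bytes of executable formats (0xCAFEBABE is also a Java class file).
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal or Java class",
    b"\x7fELF": "ELF",
}

def classify(head):
    """Return an executable-format label for a file's first bytes, or None."""
    if head[:2] == b"#!":
        return "script with interpreter line"
    return EXEC_MAGICS.get(head[:4])

def scan_tgz(fileobj):
    """List (name, format, has_sidecar) for executable members, without extracting."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        members = tar.getmembers()
        names = {m.name for m in members}
        for m in members:
            kind = classify(tar.extractfile(m).read(4)) if m.isfile() else None
            if kind:
                # AppleDouble "._name" sidecar: resource fork, where a custom icon lives.
                folder, _, base = m.name.rpartition("/")
                sidecar = (folder + "/" if folder else "") + "._" + base
                findings.append((m.name, kind, sidecar in names))
    return findings

def build_sample():
    """Constructed archive: fake Mach-O header, its sidecar, and a JPEG header."""
    samples = [
        ("pics/holiday", b"\xfe\xed\xfa\xce" + b"\x00" * 28),    # executable bytes
        ("pics/._holiday", b"\x00\x05\x16\x07" + b"\x00" * 28),  # AppleDouble magic
        ("pics/real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28),   # JPEG SOI marker
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in samples:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Calling `scan_tgz(build_sample())` reports only the member with executable bytes; a hit that also has a sidecar deserves a closer look, since that is where a picture-like icon could come from.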
     
  2. colosodian

    colosodian Next Gen

    Joined:
    Oct 16, 2004
    Messages:
    1,110
    Likes Received:
    0
    Location:
    SF Bay
    haha, like this is the very first...

    Pretty smart the way it works though.
     
  3. kawasakiguy37

    kawasakiguy37 New Member

    Joined:
    Nov 23, 2004
    Messages:
    335
    Likes Received:
    0
    Omgz itz a tarp!1! Macs dont get virusssss!!


    Seriously though, it was only a matter of time
     
  4. Skoles

    Skoles Guest

    I bet it was planted by Apple as a way to squelch rumor sites.

    Seriously tho, I've been kinda wanting to see this happen to see how it will be handled by Apple or how it would infect the system since it is touted as being so secure.
     
  5. bandwagon

    bandwagon Copy/Paste

    Joined:
    May 27, 2005
    Messages:
    1,501
    Likes Received:
    0
    Trojan != Virus
     
  6. samm

    samm Next in Line

    Joined:
    Dec 22, 2000
    Messages:
    2,630
    Likes Received:
    0
    Location:
    San Jose, CA
    It's not a virus, it does not propagate itself. To become infected you have to

    1. download a tarred gzipped file
    2. uncompress it
    3. open the executable inside which looks like a JPEG
     
  7. easy4lif

    easy4lif New Member

    Joined:
    Sep 29, 2005
    Messages:
    545
    Likes Received:
    0
    Location:
    socal
    your wrong.

    1. people did download it.
    2. people did uncompress it.
    3. it did run some sort of executable
    4. added unknown code to certain apps.
    5. now spreads via bonjour & iChat/aim

    its something like a virus
     
  8. antiyou

    antiyou OT Supporter

    Joined:
    Jul 13, 2005
    Messages:
    25,295
    Likes Received:
    0
    Location:
    in ur base
    you're very insightful
     
  9. Arhida

    Arhida OT Supporter

    Joined:
    Feb 2, 2005
    Messages:
    7,998
    Likes Received:
    0
    Location:
    Toronto
  10. evh

    evh Active Member

    Joined:
    Jun 3, 2004
    Messages:
    24,184
    Likes Received:
    9
    Wow, I've never heard of anything like this for a mac. Very interesting.
     
  11. newsroom_can

    newsroom_can Canada eh?

    Joined:
    Jun 29, 2001
    Messages:
    17,218
    Likes Received:
    0
    Location:
    Vancouver, BC
    Interesting...
     
  12. Skoles

    Skoles Guest

    I had a chance to read the article through...doesn't seem like a big threat.

    In most cases you'd have to enter your password when opening it. Which if common sense would tell you, why does a jpg need my p/w?
     
  13. Arhida

    Arhida OT Supporter

    Joined:
    Feb 2, 2005
    Messages:
    7,998
    Likes Received:
    0
    Location:
    Toronto
    I work in the Mac repair industry. From what I can tell, most users don't know very much. And most just have a blank password. It could easily propagate within this group.
     
  14. agent0068

    agent0068 OT Supporter

    Joined:
    Jun 28, 2002
    Messages:
    39,833
    Likes Received:
    0
    read the article at ambrosia's site. it is not a virus. it is a piss poor attempt at a trojan, and honestly--entering your admin password to view photos?

    and no, it is not smart the way it works. it's riddled with bugs and doesn't do anything it intends to do.
     
  15. inamorata

    inamorata New Member

    Joined:
    May 13, 2004
    Messages:
    23,762
    Likes Received:
    0
    Location:
    California
    :werd:


    apple > * (still)
     
  16. bandwagon

    bandwagon Copy/Paste

    Joined:
    May 27, 2005
    Messages:
    1,501
    Likes Received:
    0
    apple > * (still) :hsugh:

    This virus kinda reminds me of those joke Linux virii:

    $ su -
    Password:
    # cd /usr/src/virus
    # ./configure && make && make install
    # /usr/bin/virus &
    # echo "Oh nose i'm infected!"
     
  17. Arhida

    Arhida OT Supporter

    Joined:
    Feb 2, 2005
    Messages:
    7,998
    Likes Received:
    0
    Location:
    Toronto
    :rofl: Not much of a virus.
     
