Warning: The Content in this Article May be Inaccurate
Readers have reported that this story contains information that may not be accurate.
143 Comments
- xedeon, on 10/12/2007, -0/+8
Yeah right! Let's call that a failed "trojan"
cp: /Applications/RealPlayer.app/Contents/MacOS/RealPlayer: Permission denied
cp: /Applications/Firefox.app/Contents/MacOS/Firefox: Permission denied
cp: /Applications/Rise of Nations Gold/Game/Rise of Nations Gold.app/Contents/MacOS/Rise of Nations Gold: Permission denied
cp: /Applications/Skype.app/Contents/MacOS/Skype: Permission denied
cp: /Applications/Google Earth.app/Contents/MacOS/Google Earth: Permission denied
logout
[Process completed]
Nice try!!
- jrkagan, on 10/12/2007, -0/+7
I wonder if it's a universal binary.
- TimmyK., on 10/12/2007, -1/+8
Haha! I love listening to retards who for some reason hate someone else just because they use a different kind of computer. I love it. It's amazing how small some people's lives are that all they have going for them is what kind of computer they choose to use, and that they feel like they have to attack someone else for using a different one. Pathetic losers.
- ani-pockdotnet, on 10/12/2007, -3/+9
"Let's cross our fingers it destroys all Macs out there."
But then Windows won't get any better...
- eridius, on 10/12/2007, -1/+7
Ok, this story is complete FUD and totally lame. For the clueless out there, it is NOT a virus. It is a trojan - this means it requires human interaction to run it. And trojans are nothing special, except that none for OS X have ever spread very far at all. The difference between a trojan and a virus is the virus spreads on its own, and there have been no viruses in the wild for OS X. This is not the first. This has no business being on the front page.
- macgabriel87, on 10/12/2007, -0/+4
good thing I'm running mac os 7.0.1. i haven't gotten a virus on my performa 6116cd in... 10 years? can anyone leak me OS 7.5? I can't find it anywhere
- geminitojanus, on 10/12/2007, -5/+8
reported inaccurate:
1) there have been about 40 viruses on OS X, and legitimate ones (ones that actually use exploits). Google it.
2) the program described IS a trojan; it requires you run it (yankwhatever is exceptionally retarded).
A trojan is FUNDAMENTALLY different than a virus in that it requires a user to interact with it. Trojans can be written for any and all platforms alike; no matter how smart the computer is, a user with admin privileges can still stupidly run something and ***** it all up (try typing in rm -rf / on linux as root, or deltree -y C:/ on Windows 9x [forgive me for not knowing the new delete command in Windows XP, as I don't use the platform on a day-to-day)]).
- hashkaran, on 10/12/2007, -0/+3
How did this get on the front page? News like this takes the credibility out of the "digg'ing" process.
I have reported it as "Inaccurate". I would recommend others to do the same as well.
- jambarama, on 10/12/2007, -0/+3
This is clearly a trojan, it needs user permission. Two problems: with the permissions setup in OSX, it is limited in the scope of damage it can do. Second: the specific exploit it uses can be patched very easily. Apple will jump on this.
I'm glad that this was totally innocuous. It serves as a slight wakeup call to mac users without slapping them in the face. If apple responds properly, there won't be a need to start firing up OSX AV, firewalls, et cetera. Just system updates & safe computing practices.
- inkhead, on 10/12/2007, -1/+4
1) the virus has no effect on your computer, YOU HAVE TO AUTHENTICATE AKA YOU ARE NOT ROOT TO DO ANY DAMAGE TO A MAC OS X COMPUTER.
The virus would need your root, admin password to install anything ANYWHERE worth installing.
- Johnny1337h4x0r, on 10/12/2007, -2/+5
Let me make myself clear right away before the actual "comment". I'm a windows user and most likely will always be a windows user (unless Linux starts getting games). I've used a mac before and I completely hated it and will never ever go to the Mac platform. Now to the actual comment.
Look at all the Windows people laughing as in trying to say "IN YO FACE SUCKA'S". Now unless you're an experienced user and know the Windows system well then yes, you might not get viruses. Now let's look at the mac side. When was the last time you heard of a friggin virus on that side? huh? Everyone I know other than myself gets a crap load of viruses, and most of the time they don't even know that they have 4 viruses on their system until I look at their computer because it keeps rebooting every 5 seconds. Just because the operating system you're using sucks doesn't mean you have to try to degenerate a competing operating system just for the hell of it.
- The_Dark_Titan, on 10/12/2007, -1/+3
By the way, reported as lame. The act of calling a mislabeled script the first Mac virus is about as stupid as the people who opened it in the first place.
- gotamd, on 10/12/2007, -0/+2
I love the thread in that forum! So hilarious:
"I am currently backing up RELIGIOUSLY everything on all of the computers in the house to my external. Then I'm going to disconnect my external so it doesn't get infected. My Mac is not infected yet *knocks on wood* but I cannot afford to lose any data. Right now, I am genuinely scared as to what is going to become of this.
I wonder what the mods are doing about this? Are they aware of it? This guy might be punished by law if anything serious happens like data loss. I'm like shaking. Someone please comfort me."
Wow...just, wow.
- t3hX, on 10/12/2007, -0/+2
Obviously "TFA" is wrong about the password - I've seen it run.
Anyway, it also sets off the Safari "This is an executable" warning when you download it.
- bbeahm, on 10/12/2007, -0/+2
but even if it was a virus the tally would be
MAC- 1
Windows-... oh wow, i can't even count that high
- ne0nid, on 10/12/2007, -0/+2
First off: This is NOT a virus, nor is it a Trojan.
It's an executable with a picture icon. If the user double-clicks it, it will run with normal user privileges.
This means that it can not harm your system, but ANY program that runs with YOUR privileges CAN delete anything in YOUR home directory that YOU own...
ANY program... So this is not an exception... And about the 'self-replicating' aspect: It isn't even doing that, it is just using Bonjour for zero-networking...
IF it wanted to harm your entire system and put itself into other executables, it would need higher privileges, which would NOT be granted, unless a password dialog is popped up and the user enters his or her password!
Since OS X dynamically checks the content of a file, Safari or whatever decent browser would have warned the user that the downloaded file contains an executable! NOT an image....
This is just a damnass Hoax giving OS X a bad name :mad:
I can write you a little shellscript that deletes every file on your harddrive, and disguise it as a jpg or png file too... Will it work? NO! It will run with user privileges!
Remember folks, this is NOT a virus, it is a user program that does bad things, but a badly written php page on your local webserver could wipe out your home directory as well....
Proof:
iMac:~ testaccount$ /Users/testaccount/Desktop/latestpics; exit
oah - setxattr did _not_ handle oompa, errno: 13
cp: /Applications/Camino.app/Contents/MacOS/Camino: Permission denied
oah - setxattr did _not_ handle oompa, errno: 13
cp: /Applications/Google Earth.app/Contents/MacOS/Google Earth: Permission denied
oah - setxattr did _not_ handle oompa, errno: 13
cp: /Applications/Monolingual.app/Contents/MacOS/Monolingual: Permission denied
oah - setxattr did _not_ handle oompa, errno: 13
cp: /Applications/Adium.app/Contents/MacOS/Adium: Permission denied
oah - setxattr did _not_ handle oompa, errno: 13
cp: /Applications/Skype.app/Contents/MacOS/Skype: Permission denied
logout
NOT a virus!
- Berkana, on 10/12/2007, -2/+4
Correction: if this one does spread by IM, then it may be the first one propagating in the wild. However, if it requires human stupidity and gullibility to launch, it still doesn't spread the way Windows viruses can, fully automated.
Now, the problem is, if I'm not mistaken, a good number of Mac users are simpletons when it comes to computers, so banking on their gullibility might just work well enough to make this problematic.
- fanboydcs, on 10/12/2007, -3/+5
Not a virus, I can make a virus.command script that you can double click on and it will delete your whole home directory, IT IS NOT A VIRUS.
- borisonanovitch, on 10/12/2007, -0/+2
"1) there have been about 40 viruses on OS X, and legitimate ones (ones that actually use exploits). Google it."
Then, actually RTFA. Those viruses are for pre-OS X macs. For OS X there are only MS Word macro virii.
- geminitojanus, on 10/12/2007, -0/+2
A Windows user tries to avoid viruses/trojans/spyware/adware by installing a bunch of software to prevent it all from running/being installed.
A Mac user seeks out the virus/trojan/spyware/adware and tries to install it, JUST to see what it can do. (In short, not a whole lot).
Oh irony.
- Boondoggle, on 10/12/2007, -0/+1
"I e-mailed Apple about this, now we'll see what happens."
Thank God you're on top of things.
- deadbaby, on 10/12/2007, -1/+2
This is a TROJAN, not a virus. It spreads the same way "CheckThisOut.jpg.exe" spreads -- by user interaction. The clever thing they did here was to use an OSX JPG icon and they packaged it in a .tgz file which iChat automatically extracts IIRC. Clever but nothing shocking. In 10 minutes you could write this type of Trojan for any OS, including Linux, OpenBSD, Windows, BeOS, MSDOS, etc, etc.
If you're worried, close iChat and use Adium for a few days. This only affects iChat users due to the use of Bonjour & Rendezvous.
- elpayo, on 10/12/2007, -1/+2
PEBKAC
- flap, on 10/12/2007, -1/+2
Trojans are awesome...because only retarded people end up running them and having issues.
- inkswamp, on 10/12/2007, -0/+1
> It's the Mac fanboys such as yourself who aren't reading the thing.
I'm no Mac fanboy, but the fact is that this isn't a virus and no amount of name-calling makes up for not reading this thing very carefully.
> If you actually read it, multiple people say they have been
> infected without inputting any password.
Multiple people on macrumors.com who have no idea what they're dealing with are freaking out and assuming that's what happened. You assume they know what they're talking about. How about reading what the guy who is working on disassembling the thing has to say?
http://www.ambrosiasw.com/forums/index.php?showtopic=102379
See anywhere on the page where he says it's a virus? Oh that's right, you're not bothering to read this stuff. I'll help you. From that page:
"At this time, I would classify this as a Trojan, not a virus"
- The_Dark_Titan, on 10/12/2007, -0/+1
True, it is definitely not a virus LMAO! Some users are just too stupid to open a file and assume its extension really represents what it is!
fanboydcs is perfectly right!
- repomonkey, on 10/12/2007, -0/+1
Not available on PC. No digg. :p
- trogdoor, on 10/12/2007, -0/+1
Also this is not a malicious picture file like you can make using the WMF exploit. It is an application with an icon that makes it look like a picture but the extension is _not_ hidden and therefore you would have to be pretty naive to believe that it was a picture. Also the file is automatically decompressed by iChat but it is _not_ run automatically so again this is not an exploit in the mac OS, it is purely social engineering.
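Added example (not part of the thread and not any commenter's code): the comment above describes an application that looks like a picture and arrives inside an archive. A defender's check is to classify each archive member by its leading bytes rather than by its name or icon, without unpacking anything. The archive below is constructed in memory; every member name except latestpics is made up for illustration.

```python
import io
import tarfile

# Leading bytes that mark executable content, whatever the file is named.
EXEC_MAGIC = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit, byte-swapped",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit, byte-swapped",
    b"\xca\xfe\xba\xbe": "Mach-O universal (same magic as a Java class)",
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")


def classify(head):
    """Name the executable type the first bytes indicate, or None."""
    if head[:4] in EXEC_MAGIC:
        return EXEC_MAGIC[head[:4]]
    if head[:2] == b"#!":
        return "script (shebang)"
    return None


def scan_archive(fileobj):
    """List (name, kind, reason) for executable members; nothing is written to disk."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = classify(tar.extractfile(member).read(4))
            if kind is None:
                continue
            base = member.name.rsplit("/", 1)[-1].lower()
            if base.endswith(IMAGE_EXTS):
                reason = "image extension on executable content"
            elif "." not in base:
                reason = "no file extension"
            else:
                reason = "executable content"
            findings.append((member.name, kind, reason))
    return findings


def build_sample():
    """Constructed test archive: a fake Mach-O header, a JPEG header, a harmless script."""
    members = [
        ("latestpics", b"\xfe\xed\xfa\xce" + b"\x00" * 28, 0o755),
        ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28, 0o644),
        ("photo.jpg", b"#!/bin/sh\n: constructed sample\n", 0o755),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in members:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```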
- fungifred, on 10/12/2007, -0/+1
dumb, just plain dumb for all the reasons mentioned above
- inkswamp, on 10/12/2007, -0/+1
> It's a trojan, not a virus. There's a HUGE difference.
And on top of that (according to the post at ambrosiasw.com) it "does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system."
I'm not sure I understand why so many Mac-bashers insist on coming into this thread and posting their know-nothing comments anyway.
- maxmiles, on 10/12/2007, -2/+3
1. "...and so it was. As the bird flu pandemic silently spread around the globe, securing its talons into each and every enclave of humanity on this dirty planet, so too did the first Macintosh virus begin its deadly yet silent crawl. Within eight months a third of all mac users had the virus. After a year it was spreading quickly, infecting everything... iMacs, eMacs, even the new 'Maxie Macs' were infected. As the bird flu wiped out millions, then billions across the globe, the Mac virus reared its ugly head and gave a last, sick, odd, and cruel joke to the mac masses. Stuck on mac screens everywhere read, "DON'T WORRY. THERE'S NO VIRUSES FOR THE MAC."
2. No longer even true, the virus aggravated mac users even more because no one could get it off the screen. Steve Jobs and co. had managed to develop a vaccine for the bird flu just in time, sending "automatic updates" of the miracle drug to mac users, saving all of them from the terrible stench of death that destroyed everything else. 5% of the population was thus saved, yet the macs were gone, useless with the 'screen of idiotic happiness' as the virus effect became known. A popular lament of those times was, "Digg effect, where art thou?"
- t3hX, on 10/12/2007, -0/+1
>This is a TROJAN, not a virus. It spreads the same way 'CheckThisOut.jpg.exe" spreads -- by
>user interaction. The clever thing they did here was to use an OSX JPG icon and they packaged
>it in a .tgz file which iChat automatically extracts IIRC. Clever but nothing shocking.. In 10
>minutes you could write this type of Trojan for any OS, including Linux, OpenBSD, Windows,
>BeOS, MSDOS, etc, etc.
>If you're worried, close iChat and use Adium for a few days. This only effects iChat users due to
>the use of Bonjour & Rendeveus.
Slightly wrong. iChat doesn't automatically open anything. YOU have to open it. If you get a random file sent to you over Bonjour, DO NOT open it. That's all it takes, (un)common sense.
- t3hX, on 10/12/2007, -0/+1
>Hey, most of those viruses can still legitimately be ran on OS X through Classic. So HA.
Actually, most I've found hook themselves into Finder, and since Classic doesn't have it, they don't run very well.
Not that anyone USES classic any more.
Even those that do, it's like this:
Mac OS 9 / Classic - ~20-40 viruses (many of which don't even work, and have disappeared by now).
Windows - no estimate, clearly larger than that. Too many to count.
- Darkelysium, on 10/12/2007, -1/+2
Sadly I must say we mac users truly are asking for trouble. I mean it's only a matter of time before someone puts out a self propagating virus and we are left eating our own words. Have we become that thick skinned to the possibility that because we use macs that makes us impervious to the problems windows has with viruses? If we continue the stance that most mac users have against viruses, then one day it's going to bite us in the ass and we are going to be left eating crow. That will be a very sad day indeed.
- coolbru, on 10/12/2007, -0/+1
Reminds me of the dumb virus:
"Sorry I'm no good at writing viruses. Please delete all your files and ask your friends to do the same."
Amounts to much the same.
- silent1, on 10/12/2007, -0/+1
ALREADY LAUGHABLE: This "virus" is little more than a script. Some brave souls had already run it (I'm hoping on machines they could easily reinstall - just in case). It was denied permission for everything it tried to do and exited harmlessly. Exactly as expected on a secure Unix box.
The dialogue went something like:
$ delete everything
Um ... no. $
- kalisphoenix, on 10/12/2007, -0/+0
"Yeah, because we all know that Apple created the OSX interface from scratch. It looks nothing like a refined CDE ... nooo, not at all."
CDE? wtf? You have heard of, you know, every other version of Mac OS to ever exist, combined with the NeXTSTEP iconbar?
Why in the hell would *anyone* copy CDE? Why would you even think of such a thing? Did you program it or something?
Seriously -- CDE? wtf?
- geminitojanus, on 10/12/2007, -0/+0
Hey, most of those viruses can still legitimately be run on OS X through Classic. So HA.
- farrellj, on 10/12/2007, -0/+0
Ah...at best, it's a lame piece of malware. Not really any worse than "rm -rf /" if you were root/administrator...both need a really stooopid person to "activate" them.
- Sal42, on 10/12/2007, -0/+0
Symantec says it is a worm: http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
- ianbetteridge, on 10/12/2007, -0/+0
You don't have to type in your password if you're running as the Admin user.
- Cannelle, on 10/12/2007, -0/+0
"You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it."
That's a big part of the definition of the word virus. And it IS a virus. If it executed itself (without user interaction), it would be a worm. It's not a worm -- it is a virus.
- cheesetoe, on 10/12/2007, -0/+0
Anyone got a link to the "virus", it seems to have been removed from the macrumors forums. I'll beta test it on my Mac, and let you all know what happens, if anything.
- pinnette, on 10/12/2007, -2/+2
A better title would have been, "Fanboys OWNED". Now if they could just stop putting every single piece of Apple information on the front page of digg. (fully realizing that this is one of those stupid useless stories that doesn't actually deserve to be on the front page)
- breakneckridge, on 10/12/2007, -0/+0
Here is a Digg to a story on the subject that is Digg worthy
http://digg.com/apple/OS_X_Virus_Updates
- breakneckridge, on 10/12/2007, -0/+0
It's good this was buried off the front page. The forum thread that this digg points to has a lot of incorrect information, which could be just as damaging as any virus. People will go "OMG! A VIRUS!" and then start running around monkeying with things. The initial reports seem to indicate that this malware requires a user to double click, may or may not require input of a password, and supposedly doesn't execute any damaging events anyway. Since that's the case it's better to get the information right rather than fast.
- breakneckridge, on 10/12/2007, -0/+0
You need to type in an administrator password for this to run. The people who said they didn't realized they were logged into OS X as an administrator, not a user.
- matgorb, on 10/12/2007, -0/+0
Somebody asked for Mac OS 7.5, I don't know if it's a joke or not, but it's free at Apple:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/System/Older_System/System_7.5_Version_7.5.3/
- bmcnitt, on 10/12/2007, -0/+0
so far there are no Google, Symantec, or McAfee results for "latestpics.tgz". hoping authoritative info turns up soon.
- cheesetoe, on 10/12/2007, -0/+0
Sorry to interrupt the pending flame war, but http://www.ambrosiasw.com/forums/index.php?showtopic=102379 has some good info on the situation, including - the disassembly of the executable (it's just a plain text file) for your reading pleasure. Also "There also appear bugs in the code... too funny!"